Telephone Attacks

SMShing, Vishing and War-Dialing



Very similar to how a phishing email works, SMShing will focus on text messages and attacks against staff mobile phones. These can be generic messages or highly focused ‘spears’ akin to Spear Phishing Emails. User statistics such as click through rates of enclosed links, browser & device information are obtained and reported on.

SMShing is a commonly used attack vector in the wild yet few businesses adopt assessments into their testing habits. Choosing to defy this trend, your business could benefit from the foresight in testing staff.

  • Bulk SMS messages can be sent, covering 1 member of staff to a million.
  • Custom sender ID, we can mask the sender with a custom name.
  • Full data analytics, every text message traced, Every click and time saved.
  • Guide users to reply with information, click a link or even navigate to a custom login portal that will harvest credentials – right from their mobile phone in seconds.
  • Secure data, Your staff data is in good hands every step of the way. We work directly with the nation’s safest SMS service centres.


Further reading can be found in our SMShing informational PDF Download_PDF

Take a look at how we are working to reduce these frauds in our blog Project ‘Sender ID’




With the added layer of reassurance that comes from talking to a real person, an employee is more likely to comply with the demands of an attacker. Telephone attacks or ‘Vishing’ can be combined with other methods to really engage the employee in a well-constructed pretext. Social engineering attacks chip away at an organisation gathering information and use this information at a later date.

The AntiSocial Engineer Limited will guide you through these assessments and work with every client on an individual basis to ensure a bespoke package is constructed. You will be able to test the effectiveness of staff training and assess the kind of information that is obtainable over the phone. These assessments prove to be quite useful when used in conjunction with other kinds of social engineering assessments such as physical penetration testing.


Further reading can be found in our Vishing informational PDF Download_PDF

Take a look at how Vishing works in real life, read our blog SIM Swap Fraud.




Large companies often use blocks of phone numbers. By revealing 0300 111111 and 0300 111130 for example, we can start to look at the numbers in-between. Normally fax machines are revealed and also the telephone numbers for different departments. Using tools designed for this purpose, we can record and analyse the response to our calls – including human responses into further Vishing campaigns.



Make contact today to discuss any of these options.