Hello, Operator? A Technical Analysis of Vishing Threats

This report describes how attackers use voice-based social engineering (vishing) against service desks—probing employee identification processes, exploiting scripted call-handling and verification gaps, spoofing caller IDs, and leveraging pretexts like forgotten passwords or travel-related phone loss—to gain unauthorized access or reset MFA. It details reconnaissance techniques, escalation paths for account compromise, and recommends defense-in-depth measures and secure verification practices to reduce the risk.