2LRN4 security awareness platform
← Back to overview

Vishing and ghost calls

Pause, verify and stick to the procedure. How to recognise phone-based fraud and stop it.

Pause, verify and stick to the procedure. This e-learning teaches employees to recognise vishing and stop it, even when the caller sounds very convincing.

The phone rings. A friendly voice on the other end. "Hello, this is Mark from IT. I just need to check something on your login quickly, otherwise you'll get a lockout notification soon." It sounds urgent, the number looks like it belongs to IT, and the caller even knows the name of your team. At that moment trust tilts in a direction you do not want.

The Vishing and ghost calls course covers fraud that comes in by phone. Vishing — voice phishing — works differently from e-mail fraud. There is time pressure, social interaction, no chance for a calm second reading. That is precisely why employees need a procedure they can apply when their gut tells them something is off.

Employees learn the three steps that always work: pause, verify, hold. Pause means hang up or wait — not act in panic. Verify means call back on a number you look up yourself, not the number the caller gave. Hold means follow the procedure even when the caller keeps insisting it is really very urgent.

The course covers typical scenarios: a fake IT colleague, a supplier with a "rush change" of bank details, a fake executive requesting payment outside normal procedure, or an external claiming to call on behalf of the tax office. Each scenario shows the same structure: time pressure, authority, an exception to the procedure. Recognise the pattern once, and it surfaces faster next time.

Finally it becomes clear that reporting is essential, even if you did not act on the request. A good report helps colleagues who get the same attempt later in the day, and gives IT and security the signal that a campaign is running.

The core message is clear: a genuinely important request always survives a brief pause — a fake one almost never.

What does the participant learn concretely?

After completing this course:

  • the participant knows the typical patterns of vishing
  • they apply the three-step approach pause-verify-hold
  • the participant recognises scenarios with time pressure and pseudo-authority

Who is this course for?

This course is suitable for:

  • employees with phone-based customer or supplier contact
  • finance and HR teams
  • executive assistants and board support

Why this course is relevant now

Attackers combine vishing with data from earlier breaches and with AI voice clones. What used to be an innocent phone call has become a credible attack technique.