Fancy equipping your teams with combatting vishing skills in a safe environment?
Vishing (short for voice phishing) is a cyberattack in which criminals use phone calls or voice messages to trick people into revealing sensitive information, transferring money or granting access to systems.
Unlike email phishing, vishing relies on conversation, urgency and manipulating people into giving away information, money or access by exploiting trust, fear, curiosity or urgency rather than hacking technology. Instead of breaking into a computer, attackers persuade someone to open the door for them.
Common examples are listed below:
- Someone claiming to be from Microsoft or the company’s IT department claims the user’s computer has been compromised and asks them to install remote access software or reveal their password.
- Someone alleging to be from finance or the Bank calls and asks the user to verify their card details, PIN or one-time passcode.
- An employee receives a call from someone impersonating the CEO or finance director, urgently requesting a payment or sensitive company information.
- Someone claiming to be from HMRC, the DVLA or the police says you owe money, face legal action or need to verify your identity immediately.
Recognise any of them? Modern vishing attacks increasingly use AI to clone a person’s voice, and conversations are increasingly personalised as scammer use publicly available information to create realistic conversations.
Phone-based vishing attacks increased 449% according to the KnowBe4 2025 Phishing Threat Trends Report Volume Six.
KnowBe4 Launches ‘Spot the Vish’Â
KnowBe4 rececently launched Spot the Vish, a simulated game designed to train the digital workforce to recognise, resist, and report vishing attacks in real time.
Isida Drake, SVP of Security & Compliance eLearning, at KnowBe4 explains the rationale for launch:
“An urgent call from what seems to be IT or a high-ranking executive with a high-pressure request for a password or large wire transfer can happen to any employee at any time. We have gamified the critical threat vector of vishing into an interactive simulation where employees learn in an engaging and memorable way. By participating in the new Spot the Vish game, employees develop the muscle memory needed to help protect their organizations by stopping vishing attacks.”
How does Spot the Vish work?
Players are thrown into realistic scam calls where every clue counts. As suspicious red flags appear, the Scam-O-Meter cranks up the threat level in real time, forcing users to make split-second decisions: hang up, verify the caller through official channels, or risk taking the bait. Participants can rack up points, unlock badges and climb the leaderboard as they sharpen their scam-spotting skills in a fun, competitive challenge.
Spot the Vish joins a robust lineup of high-impact, fan-favourite titles, including: Danger Zone, the Spot the Phish series, Share If You Dare and The Inside Man. The KnowBe4 game library provides gamified learning experiences designed to maximise user engagement, and is available in multiple languages.
Availability
Spot the Vish is now available to KnowBe4 customers through the updated, AI-enabled ModStore.
Related Post: Red Flags: Secure Your Contact Centre Against Threats.





