Keepnet Labs Logo

Protect Your Business from Devastating Voice Scams

How a European Bank Saved $5.4m and Reduced the Cost of Vishing Incidents by 38%

a phone and sound waves with the text protect your business from devasting voice


A large European bank operating in four countries with 40,000+ employees was frequently targeted by voice scams.

They had a cybersecurity awareness program in place. But still, they had been inundated with complaints from employees and customers, who claimed that the attacks violated their privacy, caused panic, and put them at risk of data breaches.

This company looked into the complaints and discovered that some users didn't report attacks. At the same time, few employees were able to identify the scam and avoid falling for it.

Successful Outcomes

  • The annual return on investment was around $5.4m
  • Employees were 92% better at recognizing fake phone calls in the first 6 months.
  • Employees showed 60% more behaviour in filing a complaint or reporting incidents to those in charge.

The Risk of Inaction

Not complying with local and international regulations such as HIPAA, CCPA, NIST, GDPR, PCI DSS, etc., may face legal sanctions and reputational damage. At this point, restoring client confidence was one of the essential tasks for this bank.

Along with these, there was the risk of productivity and financial loss. Dealing with vishing cases took up a significant amount of time and cost the company. Brand damage and the loss of customer trust would also result in additional revenue loss.

Voice scams are sometimes used with other social engineering attacks like smishing or phishing messages to bypass multi-factor authentication, get a one-time password, or download malicious attachments—all of which could cause the illegal sale of sensitive data.

Over and above this, the lack of adequate protection and monitoring of employees who start working from home has created a separate risk, especially given that they are more open to vishing attacks.

“We recognized the need to improve our cybersecurity awareness program and protect employees from devastating voice scams. By implementing vishing simulations and enhancing our processes, we increased our control over vishing attacks and eliminated them 12 times faster. Our employees showed a 92% improvement in recognizing fake phone calls.”

Global CISO, Bank

Average Cost of Breach

Average reported loss per person
Employees recognizing and reporting Vishing
62% to 92% in 6 months
The total estimated cost saving is $5.4m annually

Average Cost of Vishing Incident Response

Avg. time to respond to a Vishing incident
from 18 hours to 7 hours
The average cost of one staff
$60 per hour
The cost of a single Vishing incident reduced
from $1,080 to $420
Average number of Vishing incidents reported per year
The total estimated cost saving is $171,600 annually (reducing cost from $280,800 to $109,200)

The difficulties above solely involve employment expenses, and triage is expected to cost more than that and could take up to two weeks to complete; losses could be more. For instance, according to a report from CNBC, nearly one in three Americans say they have fallen victim to a phone scam in the past year, with the average reported loss being about $502 per person [1]. Another report from Truecaller estimates that the number of victims seems to be increasing year after year, 68.4 million Americans fell victim to a phone scam in the past 12 months and lost $29.8 billion to scam calls. [2].

How Keepnet Helped

  • Identified risky behaviors within the organization, like who falls into voice scams and ignored incident reporting.
  • Monitored the existing incident response routines, revealed the gaps, and improved incident handling procedures. 
  • Implemented comprehensive employee training that includes elements from behavioral science like Reinforcements, Nudges, and Gratitude Exercises that promoted the adoption of secure behavior.
  • Tested whether employees complied with security policies and procedures and improved their behaviors using security training.
  • Bank implemented and tested a new technology with us to block spoofed calls and known fake numbers to prevent employees from voice scams.
  • Threat Sharing policy updated to share indicators like tactics, attacker profiles, phone numbers, etc., to inform authorities and other financial organizations about threats for proactive prevention.

Operational Results

  • Staff members identified a voice scam with a 92% success rate during vishing campaigns within 6 months.
  • The team is getting fewer cases now, and they boosted their business productivity.
  • The mechanism for reporting incidents and following up on them has been improved.
  • Employees' stress and anxiety levels of employees are reduced, and business productivity is enhanced.

Strategic Results

  • The company becomes more confident about becoming compliant in the long term.
  • Continuing and deep-rooted protection is provided via new vishing security procedures and a vishing incident response playbook.
  • Different types of attacks have been experienced, and Ransomware risks have been minimized.
  • The total estimated cost saving is $5.4m annually.

Schedule your 30-minute demo now

You'll learn how to:
tickAutomate behaviour-based security awareness training for employees to identify and report threats: phishing, vishing, smishing, quishing, MFA phishing, callback phishing!
tickAutomate phishing analysis by 187x and remove threats from inboxes 48x faster.
tickUse our AI-driven human-centric platform with Autopilot and Self-driving features to efficiently manage human cyber risks.
iso 27017 certificate
iso 27018 certificate
iso 27001 certificate
ukas 20382 certificate
Cylon certificate
Crown certificate
Gartner certificate
Tech Nation certificate