Knowledge base
November 30, 2025
Vishing & Smishing – Protect your business effectively
Introduction: a growing risk for Dutch companies
Every day, Dutch organizations are approached via fake calls or misleading text messages. This is called vishing (voice phishing) and smishing (SMS phishing).
-
Your employee gets an “urgent phone call” from a bank.
-
Or a text message about a delayed package with link.
-
Consequence: malware, data breaches or access to your systems.
According to recent figures, 1 in 3 SMEs faced such attempts by 2024.
At ALTA-ICT we see that awareness is lacking, especially on a human level. Therefore we help Dutch companies to make security awareness really tangible and effective.
What is vishing and smishing?
Vishing is telephone scams. Criminals supposedly call on behalf of agencies or partners. They use spoofed numbers, speak with urgency and use pressure or fear.
Smishing is phishing via text message, WhatsApp or messaging apps. Think payment requests, “track & trace” messages or fake notifications from your bank or the government.
Why it works in the Netherlands:
-
We are digitally readily accessible
-
Many company records can be found online
-
Communication seems increasingly convincing
The goal is always the same: to prompt you or your employee to click, hand over data or take action.
How do you protect your organization?
1. Employee recognition training
– Recognize suspicious calls and messages
– Understand typical patterns of attacks
– Act safely and report internally
2. Realistic simulations
We conduct controlled vishing and smishing tests, without notice. This is how you test whether awareness leads to action.
3. Reporting and follow-up
Results are discussed in understandable language. No finger pointing, but focus on learning.
4. Full integration with AVG and ISO policies
Our approach is ISO27001-certified and supports you with your AVG responsibilities, such as data breach notification requirements.
Common mistakes
🚫 Tick off awareness as a one-time e-learning
🚫 Make IT responsible only
🚫 Do not apply simulations or follow up
Awareness must be structural. Only then will it stick.
What does it provide?
Customer results:
– 60% fewer clicks on suspicious links within 3 months
– 100% awareness increase after simulations
– Full AVG-proof reporting process
Customer example (anonymous):
An SME construction company received a false “payment order” via WhatsApp. After our training, an employee reported a similar attempt – and prevented €18,000 in damages.
Why ALTA-ICT?
✅ Customized trainings, in Dutch
✅ ISO27001, ISO9001 and NEN7510 certified
✅ Focused on people, not just technology
✅ Includes simulations and reporting
✅ Support for SMEs, government and healthcare
We make sure security awareness lives. Not as a checkmark, but as a culture.
Frequently Asked Questions
Is awareness training mandatory?
Not literally, but it is covered by the AVG obligation to take appropriate organizational measures.
Does everyone have to participate?
Yes. Cybercriminals target all layers within an organization.
Can we start small?
Yes. Start with a pilot of one department.
How often should this be done?
At least twice a year + periodic simulations.
Conclusion
Vishing and smishing are not hype. They are daily reality in the Dutch business world. Awareness is crucial.
Start protecting today. Start with your people.
📞 Book a free awareness consultation at https://alta-ict.nl/gratis-consultatie
Want to know more?
Related
blogs
Tech Updates: Microsoft 365, Azure, Cybersecurity & AI – Wekelijks in je Mailbox.