Vishing is short for “voice phishing,” a type of cyberattack which involves fraudulent use of phone calls or voice messages to steal confidential information from victims.

How Vishing Works

Vishing involves an attacker impersonating a legitimate, usually trusted, entity, such as a bank, government agency or trusted authority.

The goal of the attacker is to create a sense of urgency, in order to convince the victim that they must act quickly to resolve the issue or claim a reward.

Common tactics include:

  1. Caller ID Spoofing: Attackers manipulate the caller ID information to display a legitimate number, making the call appear authentic. This technique increases the chances of the victim answering and engaging with the scammer.
  2. Urgency and Threats: Scammers often use high-pressure tactics to create a sense of urgency. A common example of this is when they claim that the victim’s account has been compromised, that there is unpaid debt or that legal action is pending. These threats compel the victim to act quickly and follow instructions without question.
  3. Pretexting: Vishing relies on pretexting, which involves the scammer fabricating a scenario to gain the victim’s trust.
  4. Social Engineering: Successful vishing attacks make use of psychological manipulation. Scammers use information from social media or previous interactions to personalize the conversation, making it sound more legitimate and convincing.

Common Vishing Scenarios

  1. Banking Scams: Scammers pose as banking personnel, claiming to be notifying the victim of suspicious activity on their account. They might request account details, card information or PINs to “verify” the identity of the victim.
  2. Tech Support Scams: Scammers will call individuals claiming to be from a known tech or software company, stating that their computer has been infected with a virus or malware. Scammers will then request remote access to the device to “fix the problem.”
  3. Tax Scams:  Attackers impersonate tax officials, threatening victims that legal action is pending due to unpaid tax amounts.

How to Protect Against Vishing Attacks

  1. Be Sceptical: Always be cautious when receiving unsolicited calls that ask you to disclose personal or sensitive information.
  2. Verify the Caller’s Identity: If a call seems suspicious, hang up and contact the organization directly using official contact information.
  3. Educate: Organizations should train employees on how to recognize vishing attacks and the importance of safeguarding sensitive information.
  4. Use Call-Blocking Tools: Call-blocking apps or features can help to reduce unwanted calls, including potential scam callers.
  5. Report Suspicious Calls: Reporting vishing attempts to the relevant authorities or the organization who the scammer is impersonating can help to combat these scams and protect others.