
What is Vishing? Voice Phishing Scams to Avoid


Vishing is a phone scam. In a vishing attack, a scammer preys on human error by phoning their victims and attempting to get them to expose their personal information, money or both. The word “vishing” comes from “voice” and “phishing,” which suggests that a fraudster is dangling a hook or a lure to get unsuspecting victims to reveal usernames, passwords or credit card details, or to download malware onto their devices.

Originally, phishing attacks were mostly confined to phony emails from what appears to be a trusted source. The emails are cleverly designed to lure unsuspecting folks into clicking a link and entering their data on an illicit website. The phishing lexicon has expanded to include smishing, which uses fraudulent text messaging, and pharming, which is phishing using fake websites without the email hook.

Vishing scams are a real hang up

In 2023, there was a 1265% increase in malicious emails sent. Similarly, the FBI lists the related social engineering attacks of phishing, vishing, smishing and pharming as among the most prevalent threats in the U.S. last year, with more than 300,000 victims.

The reason vishing is so successful is that it exploits the subconscious side of human nature. As a form of social engineering, vishing uses specific or “vague enough to be real” details about the victim to get them to believe the scam caller is authentic and should be trusted.

Vishing calls may come from a blocked number or a fake or spoofed phone number used to impersonate a legitimate person or organization. Fraudsters also use robocalls to carry out vishing schemes on a larger scale.

No matter what form the phishing attack takes, social engineering thrives in times of uncertainty.

How does vishing work?

The person or robot placing the phone call uses a sense of urgency or the guise of an emergency to ask you questions confirming your identity or personal details, and then asks for even more information.

The catalyst may not always be a potentially negative situation: sometimes the urgency comes from the excitement of potentially winning money, gifts or trips. Unfortunately, it’s all fake when it comes to vishing scams. The scammer really wants your personally identifiable information (PII), financial account details, medical information or other sensitive data. And they want you to give it to them over the phone quickly before you have time to realize it’s a scam.

Common vishing tactics to listen for:

  • Your Social Security number has been compromised
  • Your bank account has been red-flagged or hacked
  • A credit card charge needs to be verified
  • The IRS has discovered discrepancies in your tax return
  • Your vehicle is qualified for an extended warranty
  • Your computer has been compromised and requires tech support services
  • There is a warrant issued for your arrest
  • Your friend or family member needs money to get out of trouble
  • Your friend or family member was in an accident
  • You have won a free vacation (or sweepstakes, or lottery or giveaway)
  • You’re eligible for a free trial or free product for something you didn’t request

What’s at stake? What do I do if my information is stolen in a vishing scam?

When victims are tricked into sharing their name, date of birth, Social Security number, bank account details and other sensitive information, fraudsters are equipped to commit credit card fraud, account takeovers, and identity theft using that information.

If you have shared your personal information, bank account, or credit card number in what you suspect was a vishing scam, report the call to your financial institution and government agencies. Several agencies are working to reduce fraud and protect consumers from scammers, including the Internet Crime Complaint Center (IC3), the Federal Trade Commission (FTC), and the Better Business Bureau (BBB).

Best advice: Hang up

  1. If you are worried a phone call is a scam, hang up. Look up the correct number yourself through an organization’s website or phone directory, or call the number listed on your bank or account statement or the number on the back of your credit card. Don’t just call the number back — it will only reconnect you with the scammer.
  2. Think before you speak. If you receive a phone call from an unknown number or a familiar name you weren’t expecting a call from, do not share any sensitive or personal information — not even your date of birth. This applies especially if the caller requests ANY information from you to confirm who you are before proceeding with the call. Scammers want you to react and divulge your information. The person on the other end of the line may sound sincere and trustworthy, but that doesn’t mean they’re legitimate.
  3. Is that really a government agency? Remember, the Social Security Administration and the IRS will never call you to request personal information or make threats. They conduct official business through the U.S. mail.