Vishing is a phone scam type of phishing attack. The word “vishing” comes from “voice” and “phishing”. Phishing scams are most often done through email, named by the idea that a fraudster is dangling a hook or a lure to get unsuspecting victims to reveal sensitive information, like usernames, passwords, or credit card details, through an email response or by clicking a link and entering the data on a website. In a vishing attack, a scammer uses a phone call to target their victims and steal information, money, or both.
Vishing can also be a type of social engineering scam — that is, the criminal uses specific or “vague enough to be real” details about the victim to get them to believe the scam caller is real and should be trusted. Vishing calls may come from a blocked number, or a fake or spoofed phone number used to impersonate a legitimate person or organization. Fraudsters also use robocalls to carry out vishing schemes on a larger scale.
The person or robot placing the phone call uses a sense of urgency or the guise of an emergency to ask you questions confirming your identity or personal details, then they ask for even more information. They may not always be negative situations, either. Sometimes the urgency comes from the excitement of potentially winning money, gifts, or trips. Unfortunately, it’s all fake when it comes to vishing scams. What the scammer really wants is your Personally Identifiable Information (PII), financial account details, medical information, or other sensitive data, and they want you to give it to them over the phone quickly before you have time to realize it’s a scam.
Common vishing techniques to watch for:
Vishing is a form of phishing by phone. Phishing scams are conducted through unsolicited emails, texts (smishing), phone calls (vishing), and fake websites — all used by scammers to collect information from a victim to commit fraud.
According to the FBI 2019 Internet Crime Report, there are more victims of phishing, vishing, and smishing scams than any other type of cyber fraud, costing consumers $57 million in fraud losses.
When victims are tricked into sharing their name, date of birth, Social Security number, bank account details, and other sensitive information, fraudsters are equipped to commit credit card fraud, account takeovers, and identity theft using that information.
If you have shared your personal information, bank account or credit card number with what you suspect was a vishing scam, report the call to your financial institution and government agencies. Several agencies are working to reduce fraud and capture scammers, including the Internet Crime Complaint Center, the Federal Trade Commission (FTC), and the Better Business Bureau (BBB).
Some good news is on the horizon to help fight vishing attacks and caller ID spoofing: the FCC has been working with telecommunications providers to create new ways to digitally validate Caller IDs (through STIR/SHAKEN authentication standards). Such validation processes would greatly reduce the ability of vishing scammers to spoof legitimate names and phone numbers, giving them one less way to fool you into exposing your personal and financial information.