Hand holding a mobile phone with an unknown call coming in

Security | Vishing

What is vishing (voice phishing)?

Cell phones, computers, and other digital innovations have revolutionized almost every aspect of modern life. However, along with these innovations, criminals have, of course, kept pace. We have all heard of phishing, a social engineering attack in which criminals use deception to trick a person into revealing sensitive information or giving unauthorized access. There are various types of phishing and one of the more common ones - vishing - uses the telephone to compromise your security and potentially con you out of money. As always, the weakest link in any security system will be the users themselves, and cybercrime is no different.

How does vishing work?

Cybercriminals who use vishing are, in simple terms, no different than old-fashioned con artists. In voice phishing, otherwise known as vishing, they use the phone to trick or scare you into giving information. Someone pretends to be a trusted authority, like law enforcement, a financial institution, a legitimate business or charity, or a government agency, then tricks you into giving them money, whether via direct payment or giving them access to your finances.

Often, so you don’t have an opportunity to think about the situation or consult an outside source for verification, a caller might refer to an artificial deadline or emergency situation.

Sometimes, fear is used to disarm victims. Imagine receiving a call that warns you your bank account has been compromised and that you must call a particular phone number to reset your password before you lose everything.

Additionally, greed can be an effective tactic, like in the classic Nigerian Prince Scam, in which people give fraudsters their banking information and are then scammed out of a large amount of money.

Use these tactics to protect yourself from vishing.

  • If you receive a call from an unknown number, let it go to voicemail and listen to it later. Scammers rarely leave messages.
  • Even if the phone number is familiar, numbers can be easily spoofed. It doesn’t always mean the caller is legitimate.
  • If you suddenly get a request from a friend, family member, or acquaintance that seems entirely out of character, think twice before you take action. Artificial intelligence has advanced to a point where scammers are scraping audio from social media videos and podcasts, building digital voices to match, and then using those false voices in their schemes.
  • Never give sensitive information to callers over the phone. This includes bank account numbers, social security numbers, PINs, and passwords, as well as personal details like your address and answers to security questions. If you are asked for sensitive information, hang up and call the organization directly using a phone number from a legitimate source.
  • Never answer personal questions or supply sensitive information via social media. Be wary of questionnaires that ask for answers to a long list of questions. These are used to gain information that will allow scammers to guess security questions and passwords.
  • Be suspicious of any call during which the speaker gets threatening or uses high-pressure tactics.
  • No legitimate organization demands immediate payment via cryptocurrency or gift cards.
  • Suppose an unknown caller asks you to confirm information, whether or not it's true. In that case, they could be making a deliberate false statement hoping that you will volunteer your personally identifiable information.
  • Remember, if a phone number begins with a plus sign (+), the call is coming from overseas.
  • If you receive many spam-type calls or start feeling uncomfortable, don’t hesitate to block specific phone numbers, enable general spam call-blocking, and install spam-detecting software or apps.
  • If the call seems strange or anything feels off, hang up.

Be alert for common vishing scams.

According to the Federal Trade Commission’s Consumer Advice, there are a number of ways in which criminals make use of vishing.

  • Impersonations – the caller pretends to be a trusted source, like the IRS, a popular online retailer, or even a family member.
  • Debt Relief – the caller pretends to be able to solve your financial issues, like credit card debt or student loans, for a fee.
  • Business Opportunities – the caller offers unique opportunities for you to invest in fictional companies or tries to sell you assistance in opening your own business.
  • Charity Solicitations – the caller asks for donations to non-existent charities. This is related to impersonation scams in which a criminal poses as a legitimate charity.
  • Extended Car Warranties – this fraud, in which the caller sells overpriced or fictitious car warranties, has been around seemingly forever.
  • Free Trials – the caller gets you to sign up for a free trial but fails to explain that the service will automatically renew at a cost.
  • Loan Offers – after you’ve been duped into signing up for a thief’s low-interest loan with an upfront fee, they run off with the fee, steal your personal information, or damage your credit.
  • Prize or Lottery – the caller says you won a prize or lottery from a contest you never entered, and you will only receive it once you’ve paid a fee or taxes in advance.
  • Vacation and Trips – the scammers sell low-cost or free vacations with hidden, up-front fees, or the entire trip is fictitious.

If you’ve experienced vishing, it’s essential to report it.

To report a suspicious phone number, call 1-877-382-4357 and file a report with the Federal Trade Commission. To stop unwanted calls to your mobile device, call 1-888-382-1222.