In the News

What is Vishing? The Voice Phishing Social Engineering Scam Explained

Jun 12, 2021 Make Use Of

Most people know about internet scams. If you visit the wrong website or open the wrong email, it’s surprisingly easy to wind up a being a victim of cybercrime.

One type of scam that many people overlook, however, is the type that occurs over the phone. And unfortunately, these scams can be just as expensive.

Most phone scams rely on a technique known as vishing. So what is a vishing attack? And how can you keep yourself safe from it?

What Is Vishing?

Vishing, otherwise known as voice phishing, is a type of social engineering where attackers call victims over the phone pretending to be somebody else.

It can also occur in reverse, with the victim being tricked into initiating the phone call.

The person on the line might claim to be tech support, a bank employee, or even a police officer. In reality, they are criminals, typically calling from thousands of miles away, and the only thing that they really want is your personal information.

If they are successful, the next step is either identity theft or wire fraud.

How Does Vishing Work?

To start a vishing scam, all an attacker really needs is a phone number, a victim, and an idea. Here’s how vishing works.

Create a Fake Number

First off, the attacker needs a way to create a fake number. Most people will check who is calling them before they give out information. Mostalso won’t call a number if it doesn’t have the correct area code.

Attackers often use call spoofing to achieve this. It provides them with a fake number that’s both local and anonymous.

Find a Victim

All vishing scams start with finding a potential victim. One method is to email thousands of people and wait for somebody to respond. Another is to find directories of people and just start calling them one by one. Your number might have been involved in a data breach too.

It’s possible to get people to start calling the fake number by posting it on social media pretending to be somebody else.

Start Calling

The next step depends largely on the attackers’ imagination. It also depends on how many different numbers they have access to.

They might choose a simple message and call a thousand numbers, asking the same question. Or they might take a more tailored approach and come up with a story that’s designed to take information from a specific individual.

Examples of Vishing Attacks

Vishing tactics are constantly changing. When one stops working, attackers simply move onto the next.

Most, however, involve the same fake personas or character types.

Bank Impersonation

A bank employee will tell you that there’s a problem with your account. In order to fix the problem, they first need to verify your details.


A telemarketer will inform you that you’ve won a free prize. In order to receive the prize, you just need to confirm your address.

Tech Support

A tech support agent will tell you that they’ve found an issue with your computer, smartphone, or another device. They may offer to send you a solution via email. Or they might ask to log into your computer remotely.

Tech Sales

A tech salesperson will offer you an amazing deal on some type of computer service or software. Once again, they require either an email address or access to your computer.

Government Impersonation

A government employee (usually the IRS) will tell you that there’s some type of legal issue. To avoid a penalty, you just need to verify a few details. Sometimes, they’ll even ask for money over the phone.

How to Recognize Vishing Scams

Cybercriminals rely on the fact that the majority of people aren’t aware of their tactics. Vishing is no exception to this.

Most vishing calls are actually pretty easy to recognize once you are aware of their existence.

Always be suspicious whenever anyone calls you and claims to be in any position of power.

The average person is pretty cold when calling a stranger. A scam caller, on the other hand, will often try to be incredibly friendly, or, if that doesn’t work, even moderately threatening.

All vishing calls eventually ask for something. Be on guard whenever an unknown caller asks you for personal information of any kind.

Anyone who makes phone calls for a living knows that they are not allowed to do this. Your bank, for example, would never ask you to provide sensitive details over the phone.

How to Prevent Vishing Scams

Half the battle of preventing vishing is just knowing that it exists. After that, it’s just a matter of being careful and vigilant.

Don’t Answer Unknown Numbers

The easiest way to prevent a vishing call is to simply not to pick up the phone. Naturally, this isn’t always practical. If you don’t know the number calling, you could leave it go to voicemail—if it’s that urgent, they should leave a message. Obviously, that’s not always the case, though.

Be Careful Who You Call

When searching for a number online, be careful where you look. Never call numbers that you find on social media.

Always Verify Who You’re Speaking To

If you do have to receive a phone call from a stranger, don’t discuss anything important without first verifying who you are talking to. This can be done by arranging to call them back at a number of your choosing.

Keep in mind that many scam callers will have their own scam number ready to give out, claiming it’s their own personal direct line.