Vishing definition: Vishing is a form of cybercrime where scammers use phone calls to steal your personal information. The term combines “voice” and “phishing,” reflecting its nature as a phone-based phishing scam.
Vishing — or voice phishing — can be a frightening and stressful experience, often catching people off guard. You might get a call claiming your credit card has been compromised, urging you to “verify” your account details. Or, you might hear from someone posing as the IRS, threatening legal action unless you provide your Social Security number. These calls are designed to create panic, pushing you to act before you have time to think.
In 2022, Americans lost around $39.5 billion to vishing scams. The criminals behind these attacks are skilled at sounding convincing, playing on your trust and even using urgency to pressure you into sharing sensitive information. Understand all the ins and outs of voice phishing so you can avoid falling prey to these scams.
What Is Vishing?
Vishing, short for “voice phishing,” is a type of cybercrime where scammers use phone calls to trick individuals into revealing personal, financial or security information.
Unlike traditional phishing, which happens over email, vishing takes place over the phone — either through calls or voice messages — making it feel more personal and urgent. The scammers often pretend to be trusted entities like banks, government agencies or tech support, making their deception hard to detect.
In a typical vishing attack, the scammer calls you, usually disguising their phone number to appear legitimate. It could be a claim regarding a serious problem with your bank account or something similar. The goal is to make you feel pressured into giving up sensitive details like passwords, account numbers or Social Security information.
Once they have that data, they can commit fraud, drain your accounts or sell your information to other criminals.
Vishing vs. Phishing: What’s the Difference?
Phishing scams have been around since the mid-90s, evolving in complexity and methods over time. While phishing is the umbrella term for cybercrimes where attackers pose as trustworthy entities to steal personal information, it can take various forms — one of which is vishing.
The key difference is in how the attack is delivered: phishing typically happens online, while vishing occurs over the phone.
- Phishing generally involves fraudulent emails or fake websites designed to trick you into clicking malicious links or providing sensitive information. For example, you might receive an email that looks like it’s from your bank, asking you to verify your account by clicking a link.
- Vishing is the voice-based counterpart to phishing. Instead of an email, you get a phone call from someone pretending to be a bank representative, claiming there’s an issue with your account and asking you to provide your password or account number.
7 Must-Know Vishing Examples
Like deepfake fraud, vishing is becoming more prevalent, with threat actors using a variety of techniques to lure victims into their scams. The examples below are some of the most common examples of vishing scams at work today.
1. Bank Impersonation
Vishing scammers may impersonate your bank, credit card company or another financial institution to gain access to your financial accounts. In this scenario, the scammer typically says there has been unusual or fraudulent activity on the victim’s account, and asks the victim to confirm their bank account details, account numbers or mailing addresses.
2. Tech Support Fraud
In this scenario, the caller will impersonate tech support from a reputable company like Google, Apple or another relevant provider. They’ll usually relay a report of suspicious activity on the victim’s account and ask to confirm their account details.
They might also ask for an email address to which they can send a software update, instructing the victim to install it on their computer to avoid their account being compromised. In reality, the software update is actually a way to plant malware on the victim’s computer.
3. Social Security or Medicare Scam
Criminals often target seniors in their attacks, and they pose as Medicare or Social Security representatives to try and glean sensitive information from victims. They might call asking for Medicare account details in order to receive a new Medicare card, or ask victims to confirm their Social Security number to avoid termination of the benefits they’re entitled to.
4. IRS Tax Scam
In this vishing attack, scammers often use a prerecorded message claiming there’s a problem with your tax return. The message might warn of severe consequences — like a warrant for your arrest — if you don’t call back immediately. When you return the call, the scammer may pose as an IRS agent, pressuring you to provide sensitive information or make an urgent payment to “resolve” the issue.
For example, you might receive a voicemail saying, “This is the IRS. We’ve detected irregularities with your tax filing. Failure to respond will result in immediate legal action.” This creates panic, making you more likely to respond without questioning the legitimacy of the message.
5. Lottery and Prize Scams
Lottery and prize scams lure you by promising a large reward — like cash, a car or a vacation — that you’ve supposedly won. Scammers call claiming you’ve won a prize but need to pay a fee or provide personal information to claim it. This can feel exciting, especially if the caller sounds professional and convincing.
They might even provide “official” documentation to make it seem legitimate. However, after making a payment — through a QR code or online — or sharing sensitive details, the prize never materializes, and the scammer disappears.
If you don’t remember entering a contest, be wary — winning something you never applied for is a major red flag.
6. Government Agency Impersonation
In this type of scam, criminals pose as representatives from government agencies like the IRS, Social Security Administration or law enforcement. They call victims, claiming there’s an urgent issue, such as unpaid taxes, benefits being suspended or even a pending arrest.
These calls can feel intimidating and stressful, as the scammers often use official-sounding language and threats of legal consequences to pressure you into providing sensitive information or making payments.
Government agencies will never threaten you with arrest over the phone or demand immediate payments. If a call seems suspicious, hang up and contact the agency directly using a verified phone number from their official website.
7. Utility Company Scams
In a utility company scam, fraudsters impersonate representatives from your electric, gas or water company. They claim there’s an issue with your account — like an overdue bill — and threaten to shut off your service if you don’t pay immediately.
These calls can feel urgent, especially if they’re timed during extreme weather or outside normal billing cycles. The scammers often demand payment via untraceable methods like prepaid cards or wire transfers, creating a sense of panic that forces victims to act without thinking.
To avoid falling prey, always verify the caller’s claims by contacting your utility company using their official customer service number.
How to Spot a Vishing Scam
It can be difficult to recognize a vishing scam in action, especially because of how emotionally charged the calls can be. However, there are some warning signs that can help you identify potential frauds and boost your online protection.
- Caller claims to be from a government agency: Always be suspicious of a caller who claims to be from a government agency and proceeds to ask for financial information. Government agencies never call out of the blue asking for sensitive information or money.
- There’s a sense of urgency: The main tactic used in vishing is to prey on victims’ emotions with fear or scare tactics. If a caller is using threats of arrest or account suspension, remain calm and do not hand over your information.
- Caller asks you to confirm account details: Scammers may try to appear nonchalant with a simple request to verify some account information in order to remedy a problem with one of your accounts. Never reveal any identifying details to an unknown caller.
- Caller requests unusual payment methods: Scammers may ask for payment through untraceable methods like prepaid cards, gift cards or wire transfers. Legitimate organizations will not use these methods for transactions.
- Unsolicited call from an unknown number: If you receive an unexpected call from an unknown number, especially if it’s asking for personal or financial information, be cautious. Genuine organizations will typically contact you through known and verified channels.
- Unusual call behavior: Be wary of callers who refuse to provide a callback number or hang up quickly if you question their legitimacy. Scammers often avoid leaving a traceable contact trail.
- Inconsistent information: Scammers might provide inconsistent or vague information about their supposed organization or the issue at hand. Always verify any claims with official contact information from the organization’s website.
Staying vigilant and proactive is the best way to avoid these scams. The same can help with WhatsApp scams and social media scams, too.
How to Stay Safe From Vishing Attacks
Vishing scams may be widespread, but protecting yourself from these attacks is both straightforward and effective. By taking a few proactive steps, such as protecting your devices with an antivirus, you can safeguard your personal and financial information from being compromised. Being cautious and informed is key to preventing vishing scams from succeeding.
Don’t Share Personal Information Over the Phone
To keep yourself safe from a vishing attack, the most important thing to remember is you should never provide or confirm personal information over the phone. Remember that credit card companies, banks and government officials will never call asking for sensitive information.
For example, if you receive a call from someone claiming to be a representative from your credit card company asking for your account number to “verify” suspicious activity, do not provide it. Instead, hang up and call your credit card company directly using the number on the back of your card or their official website to check for any issues.
Don’t Answer Calls From Unknown Numbers
The simplest way to avoid a vishing attack is to avoid answering phone calls from numbers you don’t recognize. If it’s truly a legitimate person trying to contact you, let it go to voicemail and listen to their message carefully. Otherwise, avoid vishing altogether by forwarding unknown callers.
Ask for Proof of Identity Report
When you receive a call from someone claiming to represent a legitimate organization, ask for proof of their identity. Request specific details such as their name, the organization they represent and a callback number. A genuine caller should have no issue providing this information, as they will have legitimate credentials to support their claim.
An example could be someone claiming to be from the IRS and demanding immediate payment for an overdue tax bill. You can ask them to send official documentation or call them back using the IRS’ main number to confirm their identity. If they refuse to provide verifiable information or pressure you to act quickly, it’s likely a scam.
What to Do if You Suspect a Vishing Scam
If you think you’ve encountered a vishing scam, it’s crucial to take action to protect yourself and others. First, file a report with the appropriate authorities.
U.S. users can contact the Federal Trade Commission (FTC) online or call (888) 382-1222. For international users, check local authorities for reporting options in your country. Also, immediately change your passwords for any accounts that might be compromised and notify your banks and credit card companies.
While reporting and monitoring are essential, preventing future attacks is equally important. Equip yourself with reliable antivirus software, which can help detect and block potential threats. Using up-to-date antivirus protection is a proactive step in safeguarding your sensitive information and staying ahead of cybercriminals.
Voice Phishing FAQ
Voice phishing, or vishing, can be confusing and distressing. To help clarify common questions about this type of scam, we’ve put together a list of frequently asked questions.
What Are Examples of Voice Phishing Attacks?
Common examples of vishing include fake calls from your bank asking for account verification or a supposed IRS agent threatening legal action unless you pay immediately. These calls usually create a sense of urgency to pressure you into compliance.
How Do You Know if You Are Being Attacked by Voice Phishing?
You may be dealing with a voice phishing attack if the caller is pressuring you for personal or financial information, especially if they use threats or create a false sense of urgency. Be suspicious if the caller is unwilling to provide verification details or if the call seems unsolicited and unexpected.
What Is a Voice Scammer?
A voice scammer is someone who tries to deceive victims into providing personal or financial information over the phone. They often impersonate trusted entities like banks, government agencies or tech support companies to appear legitimate. Their goal is to exploit your information for financial gain or identity theft.
Is Voice Phishing a Cybercrime?
Yes, voice phishing is considered a cybercrime. It falls under the broader category of phishing and fraud, where criminals use deceptive practices over the phone to steal sensitive information. Vishing can lead to significant financial and personal consequences for the victims.