What is vishing?

2020-06-02 - 5 min read

You look down at your phone and see that a number in your area code is calling. You pick up and hear an automated voice tell you that your bank account has been compromised, accompanied with a number you should call right now. In a panic, you call the number, and another text-to-speech voice asks you to enter your bank account details on the keypad. Unfortunately, you’ve been at the receiving end of a vishing attack, a form of a social engineering scam that is becoming all too prevalent. Pay attention to this guide, and you won’t fall victim again.

What is vishing?

Vishing is a type of phishing — an umbrella term for a form of scams created specifically to elicit an emergency response from targets. The scam’s purpose is to take advantage of that state of panic to trigger someone into performing rash decisions. Giving your bank details over the phone to an unverified caller would be a good example.

The first phishing scams originated in the form of scam emails. It’s been over 20 years since then, and different types of phishing have become popular.

What are smishing and vishing?

Vishing and smishing are similar in that the scam is limited to a victim’s phone. Vishing, or voice phishing, relies on tricking you with a phone call. Most vishing scams take place via Voice over Internet Protocol, or VoIP — calling over VoIP makes it easier to impersonate a legitimate business or service. Occasionally, a person will be on the other side of the phone instead of an automated voice. All of this serves to keep up the deception the scammer is trying to pull.

Most vishing calls will attempt to impersonate your bank. You’ll hear that your account has been compromised, or there was suspicious activity, or even that you’re about to be locked out of your account. The scarier the message, the more effective the scam. These messages are particularly rattling to those who aren’t accustomed to this modern age of scam-artists.

The bogus call will ask you to call a number in order to save your account. If the victim has called the number, instructions to enter their personal details or bank account credentials will be given. Once they have, the victim can now be subject to identity fraud and get all their money stolen.

Here are some of the pretexts that vishing scammers will try to entice you into giving your details:

  • Too-good-to-be-true investment opportunities;

  • Donations to a charity or recent, relevant cause;

  • A government organization asking for overdue or unpaid taxes;

  • Bogus competitions

The SMS phishing, or smishing, concept is almost the same as vishing. Instead of receiving a phone call, you’ll get an SMS conveying the same message – call this number or follow this link to fix your jeopardized account. The biggest difference between smishing and vishing is that the link provided in the SMS may lead you to a site that will trigger a malware injection into whatever device you were using.

How do I prevent myself from falling for a vishing attack?

You need to keep in mind the main goal of these scams: to gain your personal information or bank account login details. So, next time you receive a call demanding that you provide those details, you should immediately be skeptical of the legitimacy of the message. Also, stay calm. The scammers want you to panic. Take a breath and analyze the situation logically before jumping to conclusions.

As a rule, if any entity were to call and ask to enter details on your keypad over the phone, you should ignore this. Banks have several ways to contact you about any funny business occurring in your account; calling your personal phone and directing you to call another number is not one of them. Nor will they send you an SMS with a link to follow.

If you’re worried that your account may actually be in danger, check your bank’s real contact number online and compare it to the one provided. Contact your bank’s fraud helpline or customer service, find out if your account has been compromised, and make sure you provide them with the bogus number given to you.

A healthy dose of common sense is the best prevention against a vishing attack. Don’t trust anyone calling from an unknown caller ID. We wouldn’t blame you for ignoring such calls altogether — better safe than sorry, after all. Remember this piece of golden advice: never give your personal details to anyone over the phone unless you are 100% certain that the person on the other side is legitimate.

Chad Hammond
Chad Hammond
Verified author
Chad loves traveling and technology. His global view and open-mindedness add interesting angles to various security topics. He has already traveled to over 80 countries and is not planning to stop any time soon.
Subscribe to NordPass news