What is vishing? Tips to spot and avoid voice phishing scams
Vishing and other phone-based scams are a persistent scourge. Learn more about voice phishing, including examples and how to spot an attack. Then, get Norton 360 Deluxe to help stay protected against phishing attacks, malware, and other online threats.
In today's digital landscape, vishing poses a significant threat to our security. In this post, we’ll break down how vishing works, common types of vishing techniques, and how to prevent vishing scams. Here's what to know about vishing attacks and how to keep yourself (and your data) secure.
What is vishing?
Vishing, short for “voice phishing,” is a phone-based cyberattack where cybercriminals exploit the phone as a tool for their attacks. During a vishing phone call, a scammer may try to get you to share personal information and financial details, such as bank account numbers and passwords.
Scammers accomplish this by posing as a trustworthy or authoritative source during a phone call. They may spoof the caller ID to appear legitimate or even use Voice over Internet Protocol (VoIP) technology to place hundreds of calls at a time for more widespread attacks.
What’s the difference between phishing, vishing, and smishing?
Vishing, smishing, and phishing are different forms of cyberattacks designed to gain access to your data, spread malware, and defraud or extort people.
Each of these attacks uses deceptive techniques to lead you to reveal your personal information. The difference lies in the method of communication used to carry them out.
Here’s a breakdown of their differences:
- Phishing: Phishing is a type of cyberattack that uses fraudulent emails, texts, calls, or online messages to steal data, gain access to account information (including logins), and monitor online activities. This can be accomplished by tricking recipients into clicking malicious links or visiting fake websites.
- Vishing (voice phishing): Vishing is a form of phishing that involves voice communication. Vishing calls may be from a real person or be a pre-recorded robocall; either way, criminals use voice tactics to trick you into taking certain actions that put your personal data at risk.
- Smishing (SMS Phishing): Smishing is a form of phishing conducted through text messages. Smishing and vishing attacks take place through phones, but smishing uses SMS and spam texts instead of voice calls to access your confidential info.
4 examples of vishing scams
From financial institution impersonation to tech support fraud, vishing scams tend to take on a few common forms. Here are some more vishing examples:
1. Bank impersonation
A common vishing scam is when attackers pose as representatives from banks or financial institutions. Whether it’s a real person impersonating the bank on the phone or a prerecorded message, a scammer will often tell you there’s an issue with your account or a recent payment you made.
Using convincing scripts, they’ll trick you into sharing account details or PINs. They may even have you transferring funds to another account to fix the “problem.”
2. Tech support scams
This type of vishing scam frequently targets older adults (age 60+), as they are 398% more likely to fall victim to tech support scams than younger people, according to the Federal Trade Commission.
Scammers may pose as tech support personnel from large companies like Amazon, Microsoft, or AT&T. In this vishing scam example, the scammer could call you claiming to have detected a harmful virus on your phone or computer or to alert you of an important software update.
From there, they’ll convince you to share your personal information or login credentials and even request remote access to your devices to solve the issue or install the update.
3. Medicare or Social Security scams
Vishing scammers may pose as Medicare reps—often during Medicare open enrollment season—and try to glean financial info from victims, such as their Medicare number or bank account details.
From there, the scammer will either fraudulently use the victim's Medicare benefits or steal their money. Scammers may also claim to be from the Social Security Administration and threaten to suspend or cancel the victim’s Social Security number.
4. Government agency (IRS) imposters
Vishing attackers may impersonate government officials, issuing false warnings about unpaid taxes. The goal is to create panic, leading victims to share sensitive information or make payments to resolve supposed problems.
There are many variations of this type of scam; typically, you'll receive a prerecorded message about an issue with your tax return and that if you don't call back, they will issue a warrant for your arrest. Scammers usually pair this with a spoofed caller ID made to look like the call is coming from the IRS.
In cases like this, be sure you know the signs of an IRS scam call vs authentic contact from the IRS.
How to spot a vishing scam
The tell-tale signs of a vishing scam are urgency and fear tactics, unsolicited requests for sensitive info, and poor call quality, to name a few. Recognizing a vishing scam is key to protecting your money and personal information.
Here’s a closer look at some red flags to watch out for.
Unsolicited calls
Calls you weren’t expecting can be a sign that someone is trying to vish you. If you think a call is suspicious, you can hang up, look up the real number, and call back to see if the call was legit. Most of the time, these calls are bogus, especially if they’re supposedly calling from the government or a real business.
- Federal agencies: Unless you’ve requested contact, federal agencies like the IRS, Medicare, or the Social Security Administration will never initiate contact with you. They also won’t request personal or financial information from you out of the blue.
- Banks, hospitals, or tech support: The above is also true for seemingly legitimate companies, whether a bank, hospital, or even the local police. These entities will never make unprompted requests for sensitive information over the phone—always be skeptical of these calls, no matter how convincing their message seems.
What to do: If you’re not 100% sure about a caller, get their name and employee ID and call the agency back via their official phone numbers listed on their website.
Urgency and fear tactics
To pressure you into taking immediate action, scammers will use threats to create a sense of urgency. If you get one of these phone calls, remain calm and never give them any form of payment or personal information.
What to do: Ask them for more information about their request; make them slow down and provide the necessary information to assess the situation.
Requests for personal information
Anyone who calls out of the blue and asks you to confirm your Social Security number, bank account info, or other identifying details over the phone is likely a scammer. Never share confidential info on the phone unless you can confirm the source is who they say they are.
What to do: Verify the caller's legitimacy by contacting the official phone number or customer support of the company they claim to represent.
Background noise or poor audio quality
Pay attention to odd background noise or generally poor audio quality on phone calls. Also, listen for unnatural or robotic-sounding voices, as it could be a robocall.
What to do: Hang up and verify the call's legitimacy by contacting the company or individual through their official contact channels. Legitimate calls typically have clear audio.
How to protect yourself from vishing
Use these tips to safeguard yourself and your data from a vishing scam:
- Verify caller identities: Always confirm a caller’s identity, especially if they request sensitive information. If they provide a call-back number, it may be part of the scam—so don't use it. Instead, search for the company's official phone number and call them to confirm if the call was legitimate.
- Ignore calls from unknown numbers: Although it may be tempting to answer every phone call, simply let them go to voicemail if you don’t recognize the number. Listen to your messages and decide whether to call the person back.
- Trust your instincts and hang up: The moment you suspect a vishing phone call, don't feel obliged to converse politely. Simply hang up and block the number.
- Join the National Do Not Call Registry: Adding your home or mobile phone number to the Do Not Call Registry is free and tells telemarketers you don't want their phone calls. It won't stop people from illegally calling your number, so it’s important to remain vigilant against suspicious calls.
- Use call-blocking features: Enable call-blocking features on your phone to filter out potential vishing scams. Most smartphones offer this function to help you avoid fraudulent calls.
- Use two-factor authentication: Add an extra layer of security to your mobile device and accounts by enabling two-factor authentication.
The tips above can help you identify and avoid vishing attempts—and improve your overall cybersecurity.
Keep you and your phone safe from scammers
While vishing attacks are crafted to trick you, learning the red flags can help stop you from giving out information after you pick up a call from a visher. With this knowledge, you can stay ahead of cybercriminals who are trying to tap your personal details over the phone.
Norton 360 Deluxe helps protect you from fraudsters and other cyber crooks by constantly scanning your devices for malware and defending against phishing by blocking fake websites. It also includes a password manager and VPN to help you create better password habits and keep your searches private.
Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc.
Want more?
Follow us for all the latest news, tips and updates.