What is vishing? Tips for spotting and avoiding voice scams

When your phone rings, it’s sometimes hard to know who’ll be on the other end. It might be someone vishing.

Vishing, a combination of ‘voice’ and ‘phishing,’ is a phone scam designed to get you to share personal information. In 2018, phishing crimes cost victims $48 million, according to the FBI’s Internet Crime Complaint Center.

Here's what to know about vishing attacks and how to help protect yourself.

What is vishing?

During a vishing phone call, a scammer uses social engineering to get you to share personal information and financial details, such as account numbers and passwords. The scammer might say your account has been compromised, claim to represent your bank or law enforcement, or offer to help you install software. Warning: It's probably malware.

Vishing is just one form of phishing, which is any type of message — such as an email, text, phone call or direct-chat message — that appears to be from a trusted source, but isn’t. The goal is to steal someone's identity or money.

Scammers are also finding it easier to reach more people. They can place hundreds of calls at a time using voice over internet protocol (VoIP) technology and can spoof the caller ID to make the call appear to come from a trusted source, such as your bank.

Common vishing scams

About three-quarters of the fraud complaints reported to the Federal Trade Commission involve contact with consumers by telephone. Here are some of the common themes:

“Compromised” bank or credit card account

Whether it’s a person or a prerecorded message on the other end, you’ll be told there’s an issue with your account or a payment you made. You may be asked for your login credentials to fix the problem or asked to make a new payment. Instead of giving out your info, hang up and call your financial institution on their publicly available number.

Unsolicited loan or investment offers

Scammers will call with offers that are too good to be true. They'll say, for example, that you can earn millions of dollars on one small investment, pay off all your debt with one quick fix, or get all your student loans forgiven in one fell swoop. Typically, you must “act now” and will need to pay a small fee. Don't fall for it. Legitimate lenders and investors won't make these types of offers and won't initiate contact out of the blue.

Medicare or Social Security scam

Phone calls are the No. 1 method scammers use to reach older adults, according to the Federal Trade Commission. Crooks pose as Medicare reps — often during Medicare open enrollment season — and try to glean financial information from the victim, such as their Medicare number or bank account details. Then the scammer will either fraudulently use the victim's Medicare benefits or steal their money. Scammers may also claim to be from the Social Security Administration and threaten to suspend or cancel the victim’s Social Security number.

IRS tax scam

There are many variations of this type of scam, but typically, you'll receive a prerecorded message. It tells you something's wrong with your tax return and if you don't call back, a warrant will be issued for your arrest. Scammers usually pair this with a spoofed caller ID made to look like the call is coming from the IRS. Before you proceed, it pays to understand what the IRS can and can't do when they need to contact you.

How to spot a vishing scam

Here are some of the tell-tale signs of a vishing scam:

  • The caller claims to represent the IRS, Medicare, or the Social Security Administration. Unless you've requested contact, none of these federal agencies will ever initiate contact with you by email, text messages, or social media channels to request personal or financial information. In fact, be skeptical of anyone who calls you with an offer.
  • There's a frantic sense of urgency. Scammers will try to tap into your sense of fear, using threats of arrest warrants and problems with your account. If you get one of these phone calls, remain calm and never give out your own information. Hang up and do your own investigation.
  • The caller asks for your information. They may ask you to confirm your name, address, birth date, Social Security number, bank account info, and other identifying details. To trick you into thinking they're legit, they may even have some of this info on hand. The goal is to get the remaining info that they don't have yet.

How to protect yourself from vishing

Aside from knowing how vishing works and looking for red flags, you can also:

  • Join the National Do Not Call Registry. Adding your home or mobile phone number to this registry is free and tells telemarketers you don't want their phone calls. However, certain types of organizations may still call you, such as charities and political groups, and it won't stop people from illegally calling your number.
  • Don't pick up the phone. Although it may be tempting to answer every phone call, simply let them go to voicemail. Caller IDs can be faked, which means you might not know who's calling. Listen to your messages and decide whether to call the person back.
  • Hang up. The moment you suspect it's a vishing phone call, don't feel obliged to carry on a polite conversation. Simply hang up, and block the number.
  • Don't press buttons or respond to prompts. If you get an automated message that asks you to press buttons or respond to questions, don't do it. For instance, the message might say "Press 2 to be removed from our list" or "Say ‘yes’ to talk with an operator." Scammers often use these tricks to identify potential targets for more robocalls. They also might record your voice and later use it when navigating voice-automated phone menus tied to your accounts.
  • Verify the caller's identity. If the person provides a call-back number, it may be part of the scam — so don't use it. Instead, search for the company's official public phone number and call the organization in question.

How to recover after a vishing attack

If you've provided your financial information to someone who you later think is a scammer, first call your financial institution. Whether it's your credit card issuer, bank, or Medicare contact, call and ask about canceling fraudulent transactions and blocking future charges.

You might also need to change your account numbers to make sure no one uses your existing accounts.

Freezing your credit reports can help ensure no one can open new accounts in your name. Then file a complaint with the Federal Trade Commission or the FBI's Internet Crime Complaint Center.

While vishing attacks are crafted to trick you, it's possible to learn the red flags before you pick up the phone. Stay ahead of the cyberthieves who are trying to tap your personal details over the phone.


Copyright © 2020 NortonLifeLock Inc. All rights reserved.