Vishing is a type of cybercrime aimed at stealing personal information over the phone.. Vishing—a combination of “voice” and “phishing”—is a phone-based phishing scam, and criminals are usually after personal or financial information they can use to exploit you.
Because commercial and residential Voice over Internet Protocol (VoIP) users aren’t required to provide caller ID, vishing scams have become increasingly common—over 40% of all mobile calls were vishing scams in 2019. Additionally, 75% of all scam victims were called by criminals who already had their personal information.
How Does Vishing Work?
Vishing attackers typically use caller ID spoofing to make victims think a phone call is coming from a local area code or a trusted business. They usually pose as a trusted source or official entity to lure victims into handing over your personal information. They may pretend to be from your bank or credit card company, pose as a debt collector or act as a government official from the IRS.
When an unknowing victim picks up the phone, scammers will create a sense of urgency to play on their emotions and compel them to act on a request for personal information. They may say there’s a problem with one of your financial accounts that must be remedied immediately or that you have an outstanding debt you need to pay over the phone.
Vishing can take many forms, but the objective remains the same: to trick you into revealing sensitive information, whether for financial gain or to carry out another crime like identity theft.
Vishing vs. Phishing: What’s the Difference?
Phishing scams have been around since the mid-90s, but they’ve grown in sophistication over the decades. Phishing is any type of cybercrime in which criminals pose as a trustworthy source online to lure victims into handing over personal information. Phishing attacks are most often carried out by email, but as these types of scams have evolved over the years, they now take on a variety of different forms.
Vishing is essentially the phone-based version of phishing. The ultimate goal for both phishing and vishing is the same—to exploit victims in order to profit in some way, whether financially or otherwise.
4 Examples of Vishing Scams
As vishing becomes more prevalent, threat actors use a variety of techniques to lure victims into their scams. The examples below are some of the most common examples of vishing scams at work today.
1. Bank Impersonation
Vishing scammers may impersonate your bank, credit card company or another financial institution to gain access to your financial accounts. In this scenario, the scammer typically says there has been unusual or fraudulent activity on the victim’s account, and asks the victim to confirm their bank account details, account numbers or mailing addresses.
2. Tech Support Fraud
In this scenario, the caller will impersonate tech support from a reputable company like Google, Apple or another relevant provider. They’ll usually relay a report of suspicious activity on the victim’s account and ask to confirm their account details. They might also ask for an email address to which they can send a software update, instructing the victim to install it on their computer to avoid their account being compromised. In reality, the software update is actually a way to plant malware on the victim’s computer.
3. Social Security or Medicare Scam
Criminals often target seniors in their attacks, and they pose as Medicare or Social Security representatives to try and glean sensitive information from victims. They might call asking for Medicare account details in order to receive a new Medicare card, or ask victims to confirm their Social Security number to avoid termination of the benefits they’re entitled to.
4. IRS Tax Scam
This type of vishing attack usually involves a prerecorded voice message explaining an issue with the victim’s tax return. This is typically followed by a warning that if you fail to call back, a warrant will be issued for your arrest.
How to Spot a Vishing Scam
It can be difficult to recognize a vishing scam in action, especially because of how emotionally charged the calls can be. However, there are some warning signs that can help you identify potential frauds.
- Caller claims to be from a government agency: Always be suspicious of a caller who claims to be from a government agency and proceeds to ask for financial information. Government agencies never call out of the blue asking for sensitive information or money.
- There’s a sense of urgency: The main tactic used in vishing is to prey on victims’ emotions with fear or scare-tactics. If a caller is using threats of arrest or account suspension, remain calm and do not hand over your information.
- Caller asks you to confirm account details: Scammers may try to appear nonchalant with a simple request to verify some account information in order to remedy a problem with one of your accounts. Never reveal any identifying details to an unknown caller.
Vishing Prevention 101
As prevalent as vishing scams may be, preventing yourself from this type of attack is simple and effective.
Don’t Share Personal Information Over the Phone
To keep yourself safe from a vishing attack, the most important thing to remember is you should never provide or confirm personal information over the phone. Remember that credit card companies, banks and government officials will never call asking for sensitive information.
Don’t Answer Calls From Unknown Numbers
The simplest way to avoid a vishing attack is to avoid answering phone calls from numbers you don’t recognize. If it’s truly a legitimate person trying to contact you, let it go to voicemail and listen to their message carefully. Otherwise, avoid vishing altogether by forwarding unknown callers.
Ask for Proof of Identity Report
If someone calls you claiming to come from a legitimate organization, ask them to verify their identity. If they don’t have ulterior motives, they will have no problem confirming who they are, where they’re calling from and why they’re contacting you.
What to Do If You Suspect a Vishing Scam
If you do end up on the phone with someone you think could be attempting a vishing scam, it’s a good idea to file a report and hopefully prevent them from contacting and exploiting other victims.
If you get a suspicious phone call or think you’ve been targeted in a vishing scam, you can file an official complaint with The Federal Trade Commission online or by calling (888) 382-1222. If for any reason you believe that your personal information might be compromised, it’s important to change your passwords on your accounts, notify your banks and credit card companies and carefully monitor your financial activity.
Vishing attacks unfortunately aren’t going anywhere anytime soon, but that doesn’t mean you can’t protect yourself from them. Once you understand how these scams work and the warning signs to look out for, you can stay ahead of cybercriminals looking to exploit you.
To strengthen your defenses against cyber attacks, the next best line of defense is to make sure you’re equipped with a reliable antivirus. Taking advantage of a free antivirus software is a no-cost way to keep your security strong and your sensitive information out of harm’s way.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
