What is Vishing? Voice phishing scams explained

If you own a computer or a smartphone, you have probably heard about phishing. These targeted attacks often come in the form of infected emails, tricking unwary users into revealing personal information and putting their identity at risk.

You may even be familiar with spearphishing, a sophisticated form of hacking that targets executives and other decision makers. Unlike traditional phishing attacks, spearphishing attacks appear to come from legitimate sources, increasing their effectiveness – and their danger.

Now there is a new form of targeting, one that avoids your computer altogether and targets your phone instead. This threat is known as vishing, short for voice phishing, and the danger is very real – and growing.

If you have never heard of vishing, you are not alone. Compared to phishing and spearphishing, vishing attacks are still relatively unknown, and that lack of awareness just makes them more dangerous. So what is vishing, and more importantly, what can you do to avoid becoming a victim?

As the name implies, vishing happens when a con artist or other criminal leaves a voicemail on your phone. These voicemails can target your smartphone, your landline, or both, but no matter where they show up, they tend to have a few things in common.

One of the hallmarks of a vishing scam is that the voicemail appears to come from a legitimate company or governmental agency, often an organisation with great power. In other cases, the fraudulent voicemail purports to be from a bank or brokerage firm.

Receiving such a voicemail can be frightening, and that fear often induces victims to reveal personal information, like bank account numbers, credit card accounts, tax information and Social Security numbers. Armed with that personal information, the criminals go to work, stealing identities, selling data on the dark web and pocketing enormous amounts of profit.

There are a number of things people can do to protect themselves from vishing scams. One of the most important is to take a step back and allow some time to pass. It can be tempting to call back, especially when the voicemail sounds urgent or is threatening in nature. Even so, waiting before responding gives you time to think – and time to prepare.

If for instance your bank calls and requests your bank account number, ask yourself why they do not already have this information. Does it really make sense the bank hasn’t got a record of this?

The same applies with your credit card number – the bank certainly has that information and would have no reason to request it again.

Would a governmental agency really give you advance warning if an arrest or enforcement action were imminent? This kind of common sense thinking is often the best defence against an attempted vishing attack.

Keep in mind that unlike phishing and spearphishing attacks, vishing attempts often target those who are technologically unsophisticated. This can include senior citizens who may not use computers. If you have older relatives, it is important to share information about vishing, including how it works, what to look for and how to avoid becoming a victim. The threat of vishing is very real, and it is not going away. For now, the best you can do is be prepared.