What is vishing and how do I protect myself against it?

Grace Macej 24 Aug 2022

While there are a variety of vishing methods, the most common have recently centered on the theft of financial information or government IDs.

The telephone has undergone a string of changes over the past several decades, starting with cords and now culminating in virtual options that sit on a device that can do far more than just allow you to have voice chats with others.

But over the last few decades, regardless of the way in which people have been using their telephones, one thing has remained constant: scammers have used the medium to target unsuspecting victims.

For more than 30 years, vishing scams have been a dangerous (and surprisingly effective) method for attackers to target people and get them to hand over sensitive information. And despite attempts at informing the public about the dangers of vishing by a variety of law enforcement agencies, vishing continues to be one of the best ways for hackers to steal information.

Further reading: Vishing scams are on the rise and Interpol is cracking down

Here's more on vishing, including some advice on how to protect yourself from the threat.

What is vishing?

Vishing is a long-standing technique used by hackers to dupe unsuspecting victims through a voice call or voicemail. In vishing scenarios, someone claiming to be from a reputable organization or company known to you is actually a scammer trying to steal your information, funds, or other data.

To conduct the attack, the scammers call you and misrepresent themselves. They then try to fool you into sharing your credit card number, government IDs, or other sensitive information that you’d otherwise not want to share in a traditional setting.

Vishing vs. phishing

If the term vishing sounds familiar, it’s likely because you’re familiar with the ubiquitous phishing scam.  But alas, vishing and phishing are decidedly different.

Indeed, vishing may be considered a type of phishing, whereas phishing itself is a catchall term for a range of attacks that aim at stealing sensitive information. While vishing attacks center solely on the use of voice to scam others, phishing scams can use a variety of methods, ranging from voice and text messages to fake emails and websites.

There are some other phishing scams out there, including spear phishing, when a scammer targets a specific individual or organization. Smishing is the term used when scammers use text messages to target you. There’s even whaling — a scam whereby attackers target celebrities, politicians, or other well-known individuals to blackmail.

Regardless of the type of attack in question, phishing and vishing scams all have the same goal in mind: to steal your information.

Further reading: Which phishing scams are trending right now?

Common types of vishing scams

While there are a variety of methods by which scammers use vishing, in recent years, the most common have centered on the theft of your financial information or government IDs.

In order to conduct those attacks, scammers may engage in a technique called wardialing that allows them to scan a slew of phone numbers and dial them in quick succession to target as many people as possible. Remember: vishing is a numbers game and the vast majority of people won’t fall for the scam. So the more people scammers can target, the better.

In a digital world, it’s perhaps no surprise that scammers have also used vishing with Voice over Internet Protocol (VoIP) services. Using VoIP, which provides phone service exclusively over the Internet, attackers can easily create a rash of phone numbers to dial others and shroud their identity while targeting victims.

Regardless, when those scammers call, they often try to seek your credit card information or personally identifiable information. They then use that to steal your identity, drain your bank accounts, or otherwise scam you.

How to protect yourself against vishing scams

So, if vishing is such a concern and it’s getting worse, how might you protect yourself? Luckily, it’s not that hard if you know what to look for.

Vishing scam success is ultimately predicated on your willingness to hand over information. If you hand it over, you’ll fall victim to the attack. If you don’t, you’ll successfully avoid the threat.

So, more than anything, be sure to have a healthy dose of skepticism when interacting with someone who called you. While anything is possible and the call could be authentic, if something doesn’t seem right, never share any information. It’s always better to hang up the phone, call the company or organization in question, and interact with someone who you know works at the organization you’ve contacted.

As a matter of course, also stop sharing private information over the phone. In most cases, companies don’t request that information. It should be the first sign of something awry. And if you happen to receive a voicemail from a scammer, instead of responding to that person directly on the number they’ve provided, call the company itself to see if someone actually reached out to you.

Vishing scams are troubling and can wreak havoc on your life. But if you have the right plan in place and put your security first by not trusting anyone who calls you, there’s a good chance you can sidestep these scams.

--> -->