What is Vishing and How To Avoid This Scam
September 28, 2022
Voice phishing, also referred to as Vishing, typically originates as a phone call that sounds urgent or alarming. Such as an unsolicited caller telling you your bank account has been compromised, and that they need your PIN so they can verify your identity or unlock the account. Or they say they’re from the IRS or the Social Security Administration. They may insist you owe money. Or they might announce you’re a prize winner, but you’ll need to pay for shipping and handling to claim your prize.
These are all examples of “vishing,” a term that combines “voice” and “phishing” to describe a scam that relies on either a mobile or landline phone.
Phishing refers to attempts by cybercriminals to steal money or personal information from people through deceptive practices. Phishing can also occur through email, and short message or texting systems (known as “smishing”).
Criminals use vishing techniques because the method of talking quickly and persuasively can catch many people off guard. While some of these attempts are easy to detect, others are subtle enough to fool even the most cautious of consumers, especially when the caller makes it seem like urgent action is needed or personal information is in danger.
These deceptions can be convincing because the criminals often use personal information collected from other sources to make a vishing attempt sound like an authentic exchange. They also spoof phone numbers that belong to reputable organizations, which makes them appear legitimate on your phone caller ID. Some may come across as legitimate, and lower your defenses by using excellent imitations of trusted professionals looking out for your best interest.
Important: You should never provide personal or company information on an unsolicited call, no matter who they say they are.
Common Vishing Scams
Vishing calls can come from an actual person, an automated robocall, or a combination of both. The caller may know nothing about you, or they may provide information such as your address or even the last four digits of your SSN to win your trust. If you’re at work, a caller might pretend to be a trusted colleague, such as a member of your IT or HR team.
In every attempt, there will be a request for more information. Here are a few general vishing scenarios:
- Problem with your Account. A caller, purportedly from your bank or another organization you do business with, explains that there’s a problem with your account access, a payment you recently made, suspicious transactions or perhaps a refund you are waiting on. The caller requests information, such as your access code or account number, to resolve the issue.
- Demand for Payment. Scammers may pretend to work for government agencies, such as the IRS or the FBI, or as employees at collection agencies or other third parties. They may tell you that you owe money and must pay immediately, or else you will be fined or even arrested. These scams may also include text messages from the scammer to make their request look legitimate.
- Technical Support. Unsolicited calls or voicemails, which refer to legitimate companies, may advise you to use a phone number to contact a customer support number to resolve a problem with technical services or devices.
- Enrollment Scams. Some criminals pose as representatives for government programs, such as the Social Security Administration or Medicare, and collect personal or financial information under the pretext of helping you enroll or receive payments.
- Prize-Winning. An old scam that is frequently recycled, this vishing call informs the recipient that they’ve won a contest or can cash in a limited-time offer of goods or services. Personal or payment information is then requested.
How to Stay Safe from Vishing Scams
There are a few simple but critical rules to remember before you answer an unsolicited call:
- Don’t answer calls from numbers you don’t recognize. Vishing scammers may leave voicemails with a callback number. Do not call a number back without checking to see if it belongs to a business you know by checking their website for the same phone number.
Note: Most government agencies, such as the IRS, will not call you unless they have contacted you by mail first.
- Do not trust caller ID numbers. Criminals are routinely spoofing legitimate numbers of established companies and services. If you are suspicious, even if you recognize the caller’s organization, hang up before you give out any information or do not answer. If you think the call might be legitimate, call back a number you’ve verified independently — do not use your callback function.
- Do not give any caller personal or company information, even if they know some of your personal information already. Scammers can steal personal information from other sources or find it on the dark web. They will use what they know to trick you into giving them more information. The fact that a caller knows something about you or your company is not enough of a reason for you to trust them.
What to Do If You are the Victim of a Vishing Scam
- First, remain calm.
- File a complaint with:
- Change passwords on your accounts.
- Notify all banks, credit card companies, and government agencies you do business with, and then carefully monitor your financial transactions.