Vishing attacks are voice phishing attacks. Instead of using email or text messages, the scammers use the phone to get you to give up your personal and financial information. By using the phone, scammers can use emotion and build trust in order to trick their victims.

By using the phone, scammers can use emotion and build trust in order to trick their victims.

A typical ploy consists of claiming that they are from the IRS, a compute company's tech support, your utility company, your credit card company, your bank, other business, or government agency.

How to Protect Yourself

Protect yourself with these tips:

  • Don't answer calls from numbers you don't recognize. If they really want to talk to you, they will leave a message.

  • Don't believe the Caller ID because it can be falsified.

  • Hang up if the caller is trying to rush you or get you to respond quickly.

  • Hang up if the caller is asking for information they should already have.

  • Hang up if the call is suspicious in any way. Even if you think it might be legitimate, you can verify the call by calling the customer support number from the organization's website (or other documentation).

  • Put your phone number on the National Do Not Call Registry. While this won't stop scam calls but it should reduce automated calls (or robo-calls).

For More Information

This article from Infosec provides a detailed description of how a vishing attack works.

If you need a phishing refresher, this article from the FTC describes how to recognize and avoid phishing scams.