Vishing is a type of phishing attack where scammers make phone calls pretending to be someone else, often a legitimate business, to steal private information or money. Vishing stands for voice phishing, since this scam is done over phone calls. Americans face over 4 million scam phone calls a month.
How Vishing Works
In a vishing attack, a criminal calls the victim, pretending to be from a legitimate organization like a bank or government agency, and tricks the victim into providing sensitive information such as credit card numbers, PINs, or login credentials. Scammers may even ask for direct payments through gift cards or cryptocurrency transfers.
Technological advances, such as Voice over Internet Protocol (VoIP) and caller ID spoofing, have made vishing easier and more prevalent. These tools allow scammers to make calls from fake numbers, sometimes mimicking area codes or phone numbers similar to the victim's.
Common Vishing Tactics
Vishing attackers often impersonate IRS agents, Social Security Administration officials, bank representatives, tech support personnel, or other authority figures. They use urgency and fear to pressure victims into acting quickly without thinking critically.
Prevalence
Vishing attacks rose by 442% in the latter half of 2024, making it a growing threat to both individuals and organizations.
How to Detect and Prevent Vishing
Be skeptical of unsolicited calls requesting personal information or immediate action. Legitimate organizations will not ask for passwords, Social Security numbers, or payment over the phone without prior verification. Hang up and call back using an official number listed on the organization's website. Report suspicious calls to the appropriate authorities.