What Is a Vishing Attack and How to Protect Yourself Against It?

By Sydney Butler / October 15, 2020

You've probably heard of phishing. It's a scamming technique where an email or other digital message is sent to you, pretending to be a bank or online service. You'll be told something is amiss. Perhaps your password has expired, or it's your banking saying you've been the victim of fraud. 

There's usually a link in the email as well. If you click on it, you're taken to a fake version of the real site. You're tricked into typing in your real credentials, and the attackers get your login details! Sometimes, all they want is personal information that can be used against someone else or in a different type of attack. As if phishing wasn't enough, now we have to contend with vishing attacks - a relatively new twist on phishing that's not as easy to defend against.

What Is Vishing?

The word vishing comes from the words "voice" and "phishing." So, in essence, it's voice phishing. Vishing is perpetrated over the phone, over voice-over-IP applications, or any digital method of talking with someone directly using your voice.

The Vishing Attack Pattern

masked scammer

Vishing attacks are mainly a form of social engineering attack. That is, it targets weaknesses in human psychology to reach its aims.

While each specific scam is unique in its details, they have common elements:

It's hard to give a universal account of what these attacks look like because they can be very different from one to the next. So let's look at some of the more common scams.

Typical Vishing Scams

A lot of vishing scams have to do with money, which makes sense when you think about it. Attackers will pretend to be from a bank or financial institution. They will phone you and tell you there's a problem with your card or account. At some point in the call, you will be asked to provide your credit card numbers, or perhaps you'll be asked to make a new payment because a previous one had "failed." In all cases, any money leaving your account is going straight to the scammer.

There are also scams that involve getting easy loans at low-interest rates, investment opportunities that will earn you large amounts based on small pay-in, and so on. These are all scams involving some sort of processing fee or investment payment from you. They will tell you that the offer is only available if you seal the deal right there on the phone and, as you might expect, you'll never see your money or the "company" ever again.

There are also plenty of scams that involve government agencies. These can rely on weaknesses in the social security system. Scammers phone posing as officials for medical aids or social security departments. They will ask the victim for details pertaining to these services and then use it to steal those same benefits.

Posing as a tax collector is another popular one. This can be used to scare people into paying "fines" or face arrest. It can be used to steal tax refunds, but getting your filing information and then filing ahead of you with their own bank details. The IRS has a tax scam page, as do most world tax authorities. So that's worth checking.

Protecting Yourself Against Vishing Attacks

call ID

Vishing can be very tricky to protect yourself against. There are some basic rules you can use to make it less likely that you'll be scammed:

Vishing is often successful because it's easier for a human being speaking you over the phone to be convincing. We often feel social obligations to be polite or to comply with someone who sounds confident and authoritative.

It's especially effective against less computer-savvy people or persons who aren't familiar with phishing scams in the computer world. People who still use landlines, for example, might be older and less familiar with cybersecurity issues. Now that you know what vishing is, you can successfully avoid it!

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: