What is Vishing?


Answering unsolicited calls can often prove costly. Criminals these days are matching the advancements in technology with their ingenuity. The most recent addition to their arsenal is vishing. Vishing is like phishing, which involves stealing victims’ credentials through email or SMS. But instead of email, Vishing uses voice to trick victims into parting with sensitive information. According to Business Insider’s 2021 survey, 46% of Americans receive fraudulent calls daily. Here’s a lowdown on the world of Vishing.

Vishing in a Nutshell

Vishing is the blending of two words: Voice and Phishing. In Vishing, a scammer uses a mix of social engineering and psychological conning to trick you into sharing personal data. They mainly target your account numbers, login credentials, PIN details, and OTPs.  Some common examples of vishing are:

  • Tech support fraud

  • Bank impersonation fraud

  • Telemarketing attack

  • Government representative fraud

How does Vishing work?

Scammers are meticulous in that they carry out detailed research on their intended victims before striking. They use Caller ID Spoofing software to trick people into believing they are receiving a call from a legitimate business. Once they establish contact, they play up fears by claiming the victim’s data is at risk. The warnings range from claims about the imminent expiry of ATM cards or threats to the bank or social media accounts. Once the victims panic, the scammers win their confidence by offering to handhold them to a solution. However, unknown to the victims, the scammers use their data. By the time the victim realizes the con, it’s too late. 

Vishing Techniques

Vishing attackers use several techniques to phish information; some are: 

  • War-dialing

Uses technology and software-driven calls to dial various numbers within specific area codes. When a victim answers the call, an automated voice message asks the person to spell out their full name, credit card details, among others. Gullible people with little knowledge of scamming often fall prey to such tricks.

  • VoIP

Is another easy means to create spoofed numbers and dial the victim to skim information over voice calls. VoIP-generated fake numbers are hard to track and are often used for imitating local phone numbers. Some cybercriminals generate VoIP numbers to make them appear to be coming from government departments.

  • Caller ID Spoofing

Is similar to VoIP-based vishing, where the scammer hides behind a fake phone number and pretends to be a legitimate caller. In this technique, they inscribe their names as ‘Unknown’ and pretend to represent a legitimate caller. They mimic the number to make them appear like they are from legitimate organizations such as tax departments, hospitals, police departments, etc.

How to protect against Vishing attacks

The advent and percolation of phones have given scammers an impetus to target the gullible. According to the BBC, the global vishing fraud caused US$ 1 billion in losses in 2015, and the toll is rising as we speak.

Let us look at some preventive measures against a vishing attack.

  • The scammer may pressure you into giving information over the phone and may use fear of loss tactics to get you to comply.

  • Many vishing scammers use auto-dialers for calling potential victims randomly. You can detect an auto-dialer system if there is latency or delay of 2-3 seconds before a live person speaks.

  • A legitimate caller will not hesitate before authenticating their professional affiliations. But a scammer will be reluctant to confirm their identity, web address, and online verification details.

  • Avoid answering unknown phone calls. Let the phone ring and then go to the voicemail. From there, you can listen to the message carefully.


The most efficient way to ward off any vishing attack is to be alert about callers and never give your information out over the phone unless you are sure of the caller’s identity. If you have questions about vishing or anything related to cybersecurity, don’t hesitate to contact us.