
What is Vishing? Tips for Spotting and Avoiding Vishing.

"When your phone rings, it’s sometimes hard to know who’ll be on the other end. It might be someone vishing."

Vishing, a combination of ‘voice’ and ‘phishing,’ is a phone scam designed to get you to share personal information.
Here's what to know about vishing attacks and how to help protect yourself.
What is Vishing?
During a vishing phone call, a scammer uses social engineering to get you to share personal information and financial details, such as account numbers and passwords. The scammer might say your account has been compromised, claim to represent your bank or law enforcement, or offer to help you install software. Warning: It's probably malware.
Vishing is just one form of phishing, which is any type of message — such as an email, text, phone call or direct-chat message — that appears to be from a trusted source, but isn’t. The goal is to steal someone's identity or money.
It’s getting easier to contact more people, too. Scammers can place hundreds of calls at a time using voice over internet protocol (VoIP) technology and can spoof the caller ID to make the call appear to come from a trusted source, such as your bank.
Vishing Examples:-
Vishing can take several forms. One form targets your bank account or credit card account. For example, you might get a call with a message such as:
"Your account has been compromised. Please call this number to reset your password."
The visher hopes you’ll hear the message and panic. Typically, when you dial the number they leave, you hear an automated recording that asks for information like bank account numbers and/or other sensitive information.
Another vishing attack example is a phone call about a free offer or telling you that you’ve won a prize. But in order to redeem the freebie, you must first pay for shipping and handling. A third example is a call saying you’ve won a prize such as a cruise or Disney vacation. To claim your prize, you’re told to first pay a redemption fee. Often, they ask you to give your credit card number over the phone.
Other vishing scams include things like:
  • Unsolicited offers for credit and loans
  • Exaggerated investment opportunities
  • Charitable requests for urgent causes
  • Extended car warranty scams

What is vishing banking?

A vishing banking scam is a vishing attack that involves a call from someone who says they’re from your bank or some other financial organization. They may tell you that there is a problem with your account or with a payment from your account. They might ask you to transfer money to a different account to correct the problem. However, all they’re doing is taking your money.

What is a phishing phone call?
A phishing phone call is a call from someone pretending to be from a bank, credit card company, debt collector, charitable organization, healthcare provider, or even the IRS. Some phishers may tell you that you’ve won a prize, like a vacation, but you need to pay a small fee to collect it. Their objective is to trick you into giving sensitive information over the phone. If you give them your information, they can access your financial accounts or steal your identity.

What is the difference between phishing and vishing?
Phishing can take many forms, such as a phone call, email, or phony website. In comparison, vishing uses internet phone services (VoIP) to complete the scam. Often, this includes ‘spoofing’ the phone number of a real business or company. 
When vishers spoof a legitimate business and customers are affected, the company suffers. Even though the actual business had nothing to do with the vishing scam, the company’s reputation, brand, and image could be negatively impacted. 

"Can you get hacked by answering a phone call?"
No, answering a phone call does not lead to being hacked. None of your data, passwords, or other sensitive information can be transmitted through a phone call. However, if you’re still not convinced, don’t answer calls from unknown numbers. 
Common vishing scams:-
About three-quarters of the fraud complaints reported to the Federal Trade Commission involve contact with consumers by telephone. Here are some of the common themes:
“Compromised” bank or credit card account:-
Whether it’s a person or a prerecorded message on the other end, you’ll be told there’s an issue with your account or a payment you made. You may be asked for your login credentials to fix the problem or asked to make a new payment. Instead of giving out your info, hang up and call your financial institution on their publicly available number.

Unsolicited loan or investment offers:-
Scammers will call with offers that are too good to be true. They'll say, for example, that you can earn millions of dollars on one small investment, pay off all your debt with one quick fix, or get all your student loans forgiven in one fell swoop. Typically, you must “act now” and will need to pay a small fee. Don't fall for it. Legitimate lenders and investors won't make these types of offers and won't initiate contact out of the blue.
Medicare or Social Security scam:-
Phone calls are the No. 1 method scammers use to reach older adults, according to the Federal Trade Commission. Crooks pose as Medicare reps — often during Medicare open enrollment season — and try to glean financial information from the victim, such as their Medicare number or bank account details. Then the scammer will either fraudulently use the victim's Medicare benefits or steal their money. Scammers may also claim to be from the Social Security Administration and threaten to suspend or cancel the victim’s Social Security number.
IRS tax scam:-
There are many variations of this type of scam, but typically, you'll receive a prerecorded message. It tells you something's wrong with your tax return and if you don't call back, a warrant will be issued for your arrest. Scammers usually pair this with a spoofed caller ID made to look like the call is coming from the IRS. Before you proceed, it pays to understand what the IRS can and can't do when they need to contact you.
How to spot a vishing scam:-
Here are some of the tell-tale signs of a vishing scam:
  • The caller claims to represent the IRS, Medicare, or the Social Security Administration. Unless you've requested contact, none of these federal agencies will ever initiate contact with you by email, text messages, or social media channels to request personal or financial information. In fact, be skeptical of anyone who calls you with an offer.
  • There's a frantic sense of urgency. Scammers will try to tap into your sense of fear, using threats of arrest warrants and problems with your account. If you get one of these phone calls, remain calm and never give out your own information. Hang up and do your own investigation.
  • The caller asks for your information. They may ask you to confirm your name, address, birth date, Social Security number, bank account info, and other identifying details. To trick you into thinking they're legit, they may even have some of this info on hand. The goal is to get the remaining info that they don't have yet.
How to protect yourself from vishing:-
Aside from knowing how vishing works and looking for red flags, you can also:
  • Join the National Do Not Call Registry. Adding your home or mobile phone number to this registry is free and tells telemarketers you don't want their phone calls. However, certain types of organizations may still call you, such as charities and political groups, and it won't stop people from illegally calling your number.
  • Don't pick up the phone. Although it may be tempting to answer every phone call, simply let them go to voicemail. Caller IDs can be faked, which means you might not know who's calling. Listen to your messages and decide whether to call the person back.
  • Hang up. The moment you suspect it's a vishing phone call, don't feel obliged to carry on a polite conversation. Simply hang up, and block the number.
  • Don't press buttons or respond to prompts. If you get an automated message that asks you to press buttons or respond to questions, don't do it. For instance, the message might say "Press 2 to be removed from our list" or "Say ‘yes’ to talk with an operator." Scammers often use these tricks to identify potential targets for more robocalls. They also might record your voice and later use it when navigating voice-automated phone menus tied to your accounts.
  • Verify the caller's identity. If the person provides a call-back number, it may be part of the scam — so don't use it. Instead, search for the company's official public phone number and call the organization in question.
How to recover after a vishing attack:-
If you've provided your financial information to someone who you later think is a scammer, first call your financial institution. Whether it's your credit card issuer, bank, or Medicare contact, call and ask about canceling fraudulent transactions and blocking future charges.
You might also need to change your account numbers to make sure no one uses your existing accounts.
Freezing your credit reports can help ensure no one can open new accounts in your name. Then file a complaint with the Federal Trade Commission or the FBI's Internet Crime Complaint Center.
While vishing attacks are crafted to trick you, it's possible to learn the red flags before you pick up the phone. Stay ahead of the cyberthieves who are trying to tap your personal details over the phone.
Stay Safe and Don’t Be a Victim:-
If you have a phone, you should remain suspicious of phone calls. Whether the call is from an unknown number or from a seemingly legitimate number, be suspicious. However, if you do answer the phone, don’t fall for their pressure tactics or emotional manipulation. 
You don’t have to be a victim of vishing. Stay safe and be wary of vishers! If you’re a business, be on the alert. Vishers are always planning their next scam. Be vigilant and take precautions to prevent your business from being the next victim.



