Have you heard of the term Vishing? It stands for voice phishing – phishing for personal data using voice calls or phone calls to regular folk. It is a widely used tactic for fraudsters and scammers.
It is serious stuff so you need to pay attention.
I’ll explain all you need to know – how it works and why it’s so dangerous.
I’ll also cover how to spot these scams, ways to avoid them then finally what to do if you are a victim of a Vishing scam.
Let’s get to it.
What is Vishing?
Voice phishing, also known as vishing, is a type of phone fraud. This scam involves criminals using the phone to try and steal money or information from their victims.
Voice phishing is most often done with automated dialers that reach thousands of people at once. Although they can be much more targeted and combine social engineering techniques to get your information.
I have guides covering the variations of Vishing – What is Phishing and What is Smishing. Check them out to get a full overview of these scams and how they work.
How Vishing Works
These scams have evolved and become more complicated over time. They use a number of different tricks to convince you that you are being contacted by a legitimate service.
One way this can work is as follows: When a potential victim answers the phone, voice phishing begins with a recorded message asking him to “please hold for an important announcement.” The recording usually warns the recipient that his credit card is about to expire, their bank account is on hold or something equally urgent.
The recording instructs the person on the other end of the line to press a button for more information or hang up if she doesn’t have time to listen.
If the individual presses a number to hear more, he’s connected with another automated message saying there has been a “slight delay” or that there is “a problem with the line.”
The recording tells him to press another number. That option connects the person with a live operator. This is where the fun starts.
These operators can be very skillful at getting information from the victim of the vishing attack. I’ll cover some of the common things they try to get later on.
Obviously, these tactics can be more or less complicated but the aim is always to con the victim that they are indeed talking to an official representative.
The Most Common Vishing Scams
Criminals use voice phishing to scam their victims. This can be extremely dangerous for any individual who may fall victim to the scam. Here are some examples of the most common vishing scams around today:
Criminals can use vishing to gain important or private information such as credit card and social security numbers. This could allow criminals access to your bank accounts and in turn, you run the risk of losing all the money saved in those accounts.
Criminals may try and claim that they are calling from a government agency, such as the IRS. This could be used to scare a victim into paying some sort of tax debt they may not actually owe. These calls can also claim the victim needs to send in an immediate payment or face consequences such as jail time.
In some cases, criminals may use vishing to set up more elaborate phone fraud schemes. They will try to get the victim to send in money through a wire transfer or prepaid card. The criminals may ask for this information so they can set up their own accounts.
The more complicated the scheme, the harder it is to detect and report.
Loan or Investment Scams – Sometimes vishing is used to try to get people to take out loans at really low rates – but no loan exists. Equally, they have been used to get people to take out investments that don’t exist.
The fact that voice phishing can be done from anywhere in the world makes it very dangerous. Victims might not be able to identify exactly where the call is coming from. And even if you managed to trace where the scam originated any legal recourse is going to be more difficult.
Also, because criminals can use pre-recorded messages to conduct these scams they have a better chance of convincing you that you’re being contacted by an official source. This makes it harder for people to see the warning signs and end up falling victim to the scammers.
Another way Vishing can be used is to trick phone users into installing spy apps on their own devices. This usually involves the caller asking you to click on a disguised download link that will secretly install monitoring software. Then they can have access to almost everything on your cell phone. See my article covering phone hacking methods for more information.
How to Spot Vishing Scams
There are some simple things you can look out for to spot a vishing scam:
- If you are ever asked to provide credit card details, pin numbers, IMEI codes or passwords over the phone, don’t – no legitimate company will ask for this personal information.
- If the caller claims to represent the Social Security Administration, IRS, Medicare, or your bank it may be a scam. These bodies do not reach out to you requesting any personal or financial information by text, email, phone, or social media.
- Listen carefully to any voice recording that asks for personal information. You may be able to identify that it is an automated message and not an actual person calling you.
- If you’re asked to take part in a mystery shopping inquiry, just hang up the phone – no legitimate company will ever ask for this.
- The same goes for any business that asks you to send money or purchase gift cards to claim prizes. Any request like this should be met with suspicion.
There are many other ways scammers might try to convince you that they are calling you on behalf of a genuine business. But whatever way it happens, if someone tries to convince you over the phone, never give out personal information.
For extra safety I would recommend blocking restricted calls – calls from numbers that are withheld. See my guide on how to do this on iPhone and Android devices.
One final note – there was another technique I saw criminals using in Europe which can be very hard for people to recognize as fraud. It involves the criminal calling on behalf of a local business.
It’s more difficult to identify this as a phishing call because you may know the name of the business and might think that they’re genuinely calling on their behalf. In some cases, people have been convinced to go along with the scam after being told it has been organized by an official Government body or local council.
If in any doubt whatsoever just end the call – seriously. Your bank, the IRS, or whoever will not be offended! Hang up and contact the body or business they claim to represent directly and make your own inquiries.
Avoiding Vishing Scams
Now you know what to look out for with these scams you just need to remain vigilant.
- Never give out personal or financial information if you’re not sure who you’re speaking to.
- If the person claims to be from your bank, Government body or other official source double check their details with the real institution. Remember they will not ask you for personal information without you contacting them directly. Do not let anyone pressure you into making a quick decision – no legitimate Government agency or company will demand an immediate response to an inquiry.
- If you are ever in doubt, hang up and contact the body or company directly – don’t wait for them to get in touch with you.
If You Think You Have Been Scammed
It’s easy to see why these voice phishing scams are so successful. With the potential to be incredibly convincing the criminals behind them have a big incentive to keep trying new ways of getting people to give up their financial information.
So it’s important for everyone – not just seniors or vulnerable adults – to know how these scams work, what they sound like, and that there are things you can do to protect yourself.
If you have given away personal information – contact the company or organization mentioned and let them know what has happened, they will be able to help.
It’s a good idea to contact your phone carrier and tell them you have been targeted. They may be able to help trace problem calls. See my guide about Sprint call and text logs for some ideas.
If you have been the victim of a voice phishing scam always report it directly to your bank or financial institution. Next, you should report it to the FTC – they have a reporting section that makes it easy to make a complaint.
Scammers can build a picture of your personal accounts from several sources so inform your bank of any lapse in security however minor it seems.
The various institutions will advise you on how to proceed. In some cases, you may have to change your account numbers and passwords to stay safe.
In the case of fraudulent transactions, you should keep all details of what happened. Credit cards usually offer better protection in case of fraud. Unfortunately, a growing number of people fall victim to these crimes each year – and many lose money as a result.
Vishing is the telephone equivalent of phishing. You might not think it’s possible to get scammed out of thousands of dollars over the phone – but it happens every day and vishing attacks are now one of the most common forms of fraud.
If you have any other security-related questions have a good look around the security section of this site. I cover lots of information aimed at keeping you and your loved ones safe and secure online.
Look out for the signs, be aware of what they can do, and stay safe!