This post may contain affiliate links, please read our affiliate disclosure to learn more.
Vishing (Voice or VoIP Phishing): How to Recognize & Prevent Vishing?

Vishing (Voice or VoIP Phishing): How to Recognize & Prevent Vishing?

 By Charles Joseph | Cybersecurity Researcher
 Published on December 15th, 2023
This post was updated on December 16th, 2023

Vishing, short for voice or VoIP phishing, is a deceptive practice where fraudsters use phone calls or voice messages pretending to be from trusted entities to trick individuals into revealing personal information like credit card numbers or passwords. They often use caller ID spoofing to make it seem as if the call is coming from a legitimate source.

Vishing (Voice or VoIP Phishing) Examples

1. Bank Call Scam

This is a common example of vishing where a scammer poses as a representative from your bank. You may receive a call notifying you of suspicious activity or an issue with your account. The caller sounds professional and the situation urgent, creating a sense of panic. This tactic often prompts hurried decision-making, leading to the sharing of sensitive information.

NordVPN 67% off + 3-month VPN coupon

Stay One Step Ahead of Cyber Threats

Want to Be the Smartest Guy in the Room? Get the Latest Cybersecurity News and Insights.
We respect your privacy and you can unsubscribe anytime.

The trick here is that the scammer wants you to feel there’s a serious problem with your account that you need to fix immediately, diverting you from thinking rationally and making you more prone to fall for their trick. Beware, as these fraudsters are skilled in making the call seem very real and they might know some details about you already. They’ll use every trick to get you to disclose information such as your account number, card details, or even worse, your online banking password.

If you receive such a call, it’s best to hang up and call back on the official bank number—found on your bank card or statement—to verify the legitimacy of the call. Remember, no genuine bank will ask you for your full password or other sensitive data over the phone.

2. Tech Support Fraud

In this type of vishing scam, you get a call from someone claiming to be from tech support of a well-known tech company. The caller might tell you that your computer or device has been compromised with a virus or malware, causing you concern and anxiety.

With the intention to ‘solve’ the issue, they’ll ask for remote access to your device. This is where the trap lies. Once they have control of your computer, they can install malicious software, steal personal information, or lock your computer and demand a ransom to unlock it.

In some cases, they might ask for a fee to ‘fix’ the non-existent problem. It’s important to remember that reputable tech companies do not directly call their customers for tech support issues unless requested. If you get such a call, hang up and reach out to the company’s official support channel independently to verify the claim.

3. Prize Fraud

Another common instance of vishing is when someone calls saying you’ve won a sweepstakes, lottery, or a prize, often of a substantial value. The excitement of winning can easily cloud judgment and make you a willing participant in the con.

In order to supposedly claim the winnings, they ask you to provide personal data or bank information. Sometimes they might ask for an upfront fee or tax to process your prize. In reality, there is no prize. The information or money you provide goes directly into the hands of scammers.

It’s key to remember that legitimate sweepstakes or lotteries do not ask for bank details or demand payment for prizes. If it sounds too good to be true, it probably is. Instead of providing any information or money, hang up the phone immediately.


Vishing exploits human susceptibility to persuasive and manipulative tactics by mimicking trustworthy entities over phone calls. Always remember to never share personal, sensitive, or financial data over the phone unless you have verified the legitimacy of the calling party separately.

Key Takeaways

  • Vishing is a tactic used by fraudsters to extract personal information via phone calls or voice messages.
  • Common vishing scams include bank call scams, tech support fraud, and prize fraud.
  • Scammers often pretend to be from a trusted entity like a bank or tech company to trick you into sharing sensitive information.
  • The best way to deal with vishing is to not share personal or sensitive information over the telephone unless you’ve independently verified the caller’s identity.
  • If you’ve fallen victim to vishing, immediately contact your financial institution and report it to your local law enforcement agency.

Related Questions

1. What is caller ID spoofing, and how does it relate to vishing?

Caller ID spoofing is a technique used by fraudsters to make the call appear from a trusted number or organization on your caller ID. This method increases their chance of success, as the recipient is more likely to pick up and trust a call from a known number. It’s frequently used in vishing attacks to trick victims into providing personal information.

2. What should I do if I get a suspected vishing call?

If the call asks for any personal or financial information, do not provide it. End the call and contact the organization or party they claimed to represent directly on their official number to verify the call. If the call was indeed a scam, report it to your local authorities and the organization they pretended to represent.

3. How can I protect myself from vishing?

Never share personal, sensitive, or financial information over a phone call you didn’t initiate. Always verify the caller’s identity by independently calling them back through an officially listed number. Be aware of the common signs of vishing: urgency, the demand for secrecy, and requests for personal or financial information.

4. Can vishing affect businesses?

Yes, businesses can also be victims of vishing attacks. An attacker might pose as a vendor, a bank, or another service provider and convince an employee to reveal sensitive company information. Therefore, businesses should train their employees to recognize and respond effectively to such threats.

5. Where should I report a vishing attack?

Report any vishing attack to your local law enforcement agency and your bank if your financial information is compromised. Also, in the U.S., you can report it to the Federal Trade Commission through their official website.

"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renown computer security professional
Scroll to Top