What is Vishing?

A Vishing Attack is a form of phishing that starts with the letter v – which in this case stands for voice. Vishing, or voice phishing, involves a bad actor using the somewhat old fashioned method of a phone call to fraudulently collect someone’s personal information. While a common target is credit card or bank account information, attackers may also go after credentials like user names and passwords from popular websites and applications. Vishing can also be seen as a fancy name for phone or telemarketing scams, which have been around as long as phones.

How to Recognize This Threat: There are multiple methods attackers may use when it comes to vishing. While they could launch via a direct call to an unsuspecting victim, often, vishing attacks will come via email. A message may appear to be from a legitimate vendor like Amazon or Apple, or a government agency like the IRS.

But in reality, they point to a phony phone number with a fraudulent call to action, such as requiring a user to call to confirm personal information to avoid penalties or to track an order that never occurred. On the other end of the line, there may be a real person posing as a customer service associate in the more convincing attack methodologies. In other cases, it may be a voice to text program, and could in fact use audio deepfakes to pose as another legitimate person.

How to Prevent This Threat: The top form of prevention is a suspicious eye (and ear). In the case of an email attack, typically there will be typos or a sender address that’s a little off. And in almost any situation, legitimate companies and government agencies will not reach out in this manner to collect personal information.

If you’re not sure, go directly to a confirmed contact with the company/agency and ask. Don’t blindly follow the instructions of the email. If the attack is via a direct call, again, remember these entities are not cold-calling you for personal information, so don’t volunteer it right away until you confirm the veracity of the request.