What is a Vishing Attack and How to Avoid It?

Table of Contents

  • By David Lukic
  • Published: Jan 27, 2022
  • Last Updated: Mar 18, 2022

Hackers and scammers are crafty; they're always coming up with new ways of tricking people into divulging personal information. They will use any possible way to get to potential victims, including through snail mail, email (phishing), or SMS (smishing). Vishing is another tactic that attempts to get personal information through phone calls (the word is derived from V for voice, plus "fishing").

These scams target millions of people a year, and many fall victim due to the urgent nature of the messages. Phishing and smishing scams most often trap young people who rely heavily on their mobile devices and trust the information that comes through them. The FBI says that almost 7 million new web pages were created in 2020 to enable phishing attacks. These spoof the websites of legitimate banks or businesses to trap their victims into giving up essential information. More than 67 percent of those who mindlessly click on a link provided in a phishing email end up providing the scammers with personal information.

Who are Vishing Victims?
 

Older people are more likely to be targets of vishing through live calls or voice mail messages as landline phone numbers are easier to find than cell phone numbers. Scammers who target older people via telephone calls have had success pretending to be from government agencies, according to the Federal Trade Commission. Saying they're from the Social Security Administration, scammers claim the victim's account is "locked," and personal information such as a Social Security number is needed immediately. At other times the callers pretend to be from the police, looking for immediate bail money for a family member.

What are Vishing Tactics?
 

Beware that these scammers may also use the Covid-19 virus and contact tracing as a ruse to get your personal information. For instance, they may say that someone who is infected reported that they had contact with you. Then they will likely ask for your birthdate, address, and perhaps a credit card number to send you an at-home test.

Vishing is one of the many ways that a person with malicious intent may try to get:

• A bank or credit card account number.
• A PIN.
• A password.
• Your birthdate, social security number, or other personal information.
• An answer to a security question on your account.

Vishing attack prevention

How Vishing Attacks Work
 

Vishing attacks are done by scammers using computer programs that dial dozens of phone number combinations simultaneously, hoping to get someone to answer. Once the call is answered, the scammer launches into an excited description of a dire event that requires immediate action. They might pretend to be a police officer in possession of a lost or stolen credit card or a bank officer who needs to confirm the victim's account was not hacked.

The common characteristics of these phone calls include:

  • Pretending to be from an official agency (such as the police), a business, or a bank
  • A sense of urgency
  • A need for immediate information or answers.

The technology used by vishing attacks often hides the phone number where the call is originating. The victim's caller ID may show "restricted" or "out of area." More sophisticated attackers may be able to spoof their number so that the call appears to be coming from a town near the victim, perhaps the city where the bank or credit card company is located.

Once a scammer gets personal information from a victim, they may hack the victim's account directly. People often have two-factor authentication enabled on accounts, making direct attacks more difficult. If that's the case, the hacker may only sell the victim's personal information on the dark web, where another person may collect and compile this data until there's enough to hack an account.

How to Avoid Vishing Attacks
 

There are various ways to reduce the likelihood of being a vishing victim. One is always to be skeptical of any phone call you did not initiate about an account. In addition, consider these steps:

  • Register your landline phone for the Do Not Call Registry to reduce the number of scam calls you receive. If fewer calls are coming in, the chance that you will be a victim is reduced. Use a blocker that prevents most spam calls from getting through—these range from hardwired devices that filter phone calls to NoMoRobo subscription services.
  •  Make it a hard-and-fast rule to provide no personal information over the phone to anyone who calls, regardless of how urgent the situation appears to be.
  • Always put the phone down and look up the bank, school, or other institution that is allegedly contacting you. Call them back using a number you find on an official website or a statement you received in the mail.
  • Remember that official communication from banks, the Social Security Administration, the Internal Revenue Service, and similar institutions are done by letters, not phone calls that seek immediate action. No official source ever tells a person they must pay a fine in gift cards to avoid arrest.
  • Stop and think twice about answering requests from anyone who calls. Scammers are always changing their tunes and may say they are from a package delivery service but need to confirm your credit card number, or that you won a sweepstake but need to pay a small fee to release the cash winnings. They will lie about being from the police, a funeral home, a hospital, or anywhere that may convince their victims to reveal personal information.
  • Don't answer the phone. If you answer the phone when a vishing attacker or spam caller is on the line, it confirms that your phone number is legitimate so that it will stay on their list of future calls. If you screen or ignore spam calls and let them go to voicemail, you are less likely to be targeted in the future.
  • For added security, check your credit reports regularly (each person is entitled to one free credit report per year from each of the three major credit reporting agencies). This will tell you if anyone is fraudulently using your personal information or has opened an account in your name. In addition, you may put a freeze on your account to prevent another person from using your name or personal information to open a line of credit or take out a loan.

Table of Contents

About the Author
IDStrong Logo

Related Articles

Secure Wi-Fi and Wireless Technology Security Tips

Your Wi-Fi network is another handy access point that hackers use to infiltrate your computers, st ... Read More

How Does a VPN Work and How to Choose one

VPN stands for virtual private network. It allows you to hide your public IP address and browse pr ... Read More

Complete Guide to Android Security

The Android platform offers a ton of flexibility and customization for users. However, all that fr ... Read More

Increase Your Google Privacy Settings in 4 Easy Steps

In this time of digital transparency and data breaches, it’s more important than ever to fee ... Read More

Instagram Privacy Policy: What You Should Know?

Instagram is a great place to share your best photos and messages with your followers, but have yo ... Read More

Latest Articles

What Are Pretexting Attacks: Scam Types and Security Tips?

What Are Pretexting Attacks: Scam Types and Security Tips?

Have you ever received a text from someone you do not know? Did you become alarmed by the message? Did the message contain information about you and the people you know?

What is a Time-based One-time Password (TOTP)?

What is a Time-based One-time Password (TOTP)?

Authentication is the process that verifies the user's identity to control access to resources, prevent unauthorized users from gaining access to the system, and record user activities (to hold them accountable for their activities).

Corporate Fraud: Detection, Prevention, and the Role of Corporate Fraud Attorneys

Corporate Fraud: Detection, Prevention, and the Role of Corporate Fraud Attorneys

The growing scale of organizations and the more opportunities to push the boundaries have led to an upsurge in corporate fraud in recent years.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close