What is “Vishing”?
Vishing stands for voice phishing. It is the fraudulent practice of making phone calls pretending to be from reputable companies or colleagues within your organisation, to get individuals to reveal personal information or login credentials/codes. They may also be trying to get control of your computer or get information that builds on a broader deception of some kind.
How does vishing work?
Scammers usually start by phishing for victims online.
This might include sending phishing emails, with the aim of getting a potential victim’s phone number, which they can then use as part of the scam. They might also look at social media or company/personal bios to help build trust later.
They use fake caller ID profiles to appear legitimate.
Typically, visher scammers create fake caller ID profiles (including on WhatsApp) so that the phone numbers they’re calling from seem legitimate and from a local area code or a trusted business.
They pose as a trusted organisation/colleague to gain sensitive information.
Visher scammers usually pose as a trusted source – for instance, a manager at your place of work, someone from a bank, credit card company, HMRC or a service provider – to trick you into handing over personal information. Typically, they’ll make vishing requests sound urgent to panic their victims into acting without thinking first
They aim to use your personal information, or that of your colleagues, for their own gain or to validate and perpetuate a larger scam.
In early communications they may simply try and build a dialogue to gain trust and the information they are pursuing might not be obvious.
They then may try and insert themselves into conversations in and around money movement in an attempt to intercept those funds. Once scammers have got the sensitive information they require, like a victim’s credit card details, it can be used to commit financial theft.
How can you avoid falling victim to a vishing scam?
Here are a few simple measures you can take:
- Be wary of calls outside of normal working hours.
- Avoid answering phone calls from unknown numbers. Instead, let them go to voicemail – if it’s important they’ll leave a message which you can then use for verification.
- Don’t share your personal information over the phone. Banks, credit card companies and service providers will never call asking for sensitive information.
- If in doubt, politely end the call then ring the company or individual yourself (sourcing the number independently of the current communication), so you can be sure it’s legitimate or not.
- Be sure to report any vishing attempts straight away. The sooner you do, the quicker the scam will be squashed.
- Any attempt to convince you to download, connect to your computer, or click links should be a red flag.