What is Vishing?

Vishing is a scam technique that involves the use of voice over Internet protocol (VoIP) to convince people that they are interacting with a legitimate business so they will turn over personal information. Consumers can take a number of steps to protect themselves from vishing attempts and a number of public safety organizations, as well as financial institutions, provide people with information about this tactic and how to avoid becoming a victim.

In some forms of vishing, the scammer uses caller identification spoofing to make a VoIP phone number look like a legitimate, recognized number. Both the number and the name associated with it can be changed with some programs, allowing scammers to make their calls appear to be originating from a real institution. Because VoIP is cheap, scammers can dial hundreds or thousands of numbers at once. When they make contact, they inform the person on the other end that an account has been compromised, and ask for verifying information such as account numbers and personal identification numbers.

Other forms involve sending out an email purporting to be from a financial institution or another trusted entity, directing people to call a phone number and provide information when prompted. The phone number dials through to a VoIP account that usually uses a recording to prompt the caller to submit account information and other data. No matter which method is used, once the data has been collected, the visher can use it for a variety of illegitimate transactions.

Vishing can be used in identity theft, scams intended to clean out bank accounts, and other activities. It takes advantage of the fact that while many consumers are more wary about email, thanks to extensive public awareness campaigns, many people trust phones, particularly landline phones. Phone service is believed to be linked with a physical address and a real person that the phone company can bill and so people often assume that phone calls are legitimate.

One of the best ways to avoid vishing scams is to always call a financial institution directly, using the number provided on the documentation for the account. If a phone call is received from someone claiming to represent a bank, credit card company, or other institution, the customer should explain that he or she is going to hang up and dial the institution's direct number. If the caller is legitimate, the customer can be provided with the caller's name and extension so the customer can jump through the waiting call queue. If an email claiming to be from a financial institution is received, rather than replying, following a link in the email, or calling the phone number listed in the email, the customer should call the institution directly using the number printed on statements.