Vishing, short for "voice phishing," is a type of cyber attack that uses voice and telephony technologies to trick targeted individuals into revealing sensitive information. It is a form of social engineering where cyber criminals use savvy tactics to steal personal confidential information from victims. Vishing attacks are carried out against both individuals and businesses, usually for monetary gain, although it might be motivated by other objectives, such as political, competitive or retaliatory activities.
Vishing attacks can occur over a landline, cellular network, or a Voice over Internet Protocol (VoIP) system. Scammers who carry out vishing campaigns use an assortment of tactics to get their targets to divulge confidential information. They might call their targets directly or leave voice messages. They might play recorded messages or speak directly to their targets. For example, during tax season, criminals will leave messages pretending to be from the IRS. And during the COVID-19 pandemic, cyber criminals called people promising vaccines and testing kits if they provided their bank account information and mailing address.
Vishing is similar to phishing and smishing, which are all cyberattacks with similar end objectives, but they use different techniques. Phishing is executed using email, while vishing is performed over the phone using a voice call. Smishing, on the other hand, uses text messages to steal information and commit further cyber crimes.
To prevent vishing attacks, it is important to be skeptical of any caller that wants sensitive information and never give any caller sensitive information regardless of where the caller claims to work. It is also important to practice good cybersecurity to prevent vishing attacks, such as using strong passwords, keeping software up to date, and being cautious of suspicious emails, text messages, and phone calls.
