All articles

What is vishing?

Most people have received a call that sounds alarming and urges them to take immediate action to protect their bank account or prevent a hefty fine from the IRS. However, scammers continue to successfully target unsuspecting consumers to steal sensitive data, such as account numbers or payment information. As scamming methods evolve to impersonate legitimate businesses better, it is more important than ever for companies to take the necessary precautions to protect their consumers.

Businesses that make outbound calls must be careful about securing their channels and preventing spoofing. Even one vishing attack, in which an imposter pretends to represent your company, can damage your brand reputation and ruin consumer trust.

What is vishing?

Vishing is a scam during which cyber criminals use mobile or landline phones to steal personal information from individuals. The scammer calls a consumer to extract information by impersonating a legitimate business or a government agency. In an attempt to gain the trust of the call recipient, some scammers will provide personal information that they have found elsewhere to appear more trustworthy. Vishing attacks can come from an actual person, but they can also be automated robocalls or a combination of the two methods.

Differences between vishing, phishing, and smishing

As one might expect from the name of this scam, there are many similarities between phone vishing, smishing, and phishing. Vishing relies on phone calls to extract information, whereas phishing is usually an email-based scam. A phishing attack urges individuals to respond with financial information and login credentials or offers a link that contains malware to infect the device. Smishing is another similar scam that uses text messages that include either a link with malware or a phone number to call, leading to vishing. Each of these scams has the same goal: to steal sensitive data. 

It is important to understand voice phishing so that consumers can recognize an attack and protect themselves. It is equally essential for businesses to understand different vishing scams to preserve their reputation and reduce the likelihood of spoofing.


How does vishing impact businesses?

The impact on individuals is clear: Vishing exposes them to identity theft and financial loss. However, scammers who use voice phishing—especially those who impersonate legitimate companies—can seriously impact businesses. 

One way it impacts business is by creating a negative customer experience. Once a scammer has impersonated a business, 34% of consumers are suspicious of future calls from that business. Even if the consumer receives legitimate calls from them in the future, they are more likely to ignore the call due to previous suspicious activity. These resulting hesitations can be detrimental to customer experience ratings. 

It is difficult to regain consumer trust and communicating important information like the results of a medical test, updates to an account, and other critical and sensitive data can be challenging if you cannot get the customer on the phone. A negative customer experience also means wasted resources handling calls, emails, and other messages from disgruntled customers.

Another impact of vishing on businesses is a reputation hit. No company wants to be in the news for a data breach or obnoxious scam calls. Similarly, consumers hesitate to work with companies they associate with spam calls. In fact, 13% of consumers have switched brands after receiving an impersonation call.

Common vishing scams

Although a vishing attack can take many forms, there are some common methods that scammers favor. Vishing examples include:

  • Issues with a credit card or bank account. With a bank account or credit card scam, the caller will say that there is a problem with a recent payment or suspicious activity on the card and request specific information to resolve the issue. They may request that the consumer provide new payment instructions, an account number, an access code, or login information.

  • Unsolicited loan offers. These scams often reference a legitimate company and offer loan terms that sound too good to be true. Whether the scammer offers help paying off student loans or exceptional interest rates on a new loan, they typically insist that the consumer must act quickly to get the offer.

  • Medicare and Social Security scams. Phone phishing is one of the most common methods scammers use to target older adults. In a Medicare scam, scammers offer help enrolling individuals in different programs. They may also threaten to suspend or cancel the consumer’s social security number.

  • IRS tax scams. The IRS tax scam is one of the most prevalent vishing scams. The caller tells the victim that they owe money to the IRS and must pay immediately or face fines and possible arrest. The scammer may claim that there is an issue with a tax return or even suggest that there is already a warrant for the person’s arrest.
How consumers can spot a vishing scam

Consumers should be on the lookout for these telltale signs of a vishing scam when they answer any calls, both from unknown numbers and numbers that appear to be associated with a business. 

  • The caller claims to represent a government agency. Agencies like the IRS, Medicare, or the Social Security Administration do not initiate contact with you by phone unless you request information from them. 

  • There is a sense of urgency. The caller speaks quickly and urges the victim to act before it is too late. This sense of urgency applies to both scare tactics and special offers.

  • The caller requests personal information. Most businesses clearly state that they will never request personal information over the phone, so any caller who does so should raise suspicions.

How consumers can protect themselves from vishing

The best way to prevent identity theft or financial loss from a vishing attack is by following these suggestions. 

  • Don’t answer calls from unknown numbers. Most banks and government agencies will not initiate contact with consumers over the phone. It is also important to note that legitimate business numbers can be spoofed, so consumers should not rely on caller ID to determine which calls are safe.

  • Hang up any suspicious calls. If the caller requests personal information or does anything else that seems suspicious, consumers should hang up immediately. There is no obligation to carry on a polite conversation. The consumer can call the business back at their publicly listed number if the call is legitimate.

  • Don’t press buttons or respond to prompts. Some automated messages used for vishing can prompt the individual to push buttons for different options or to respond to questions. Doing so identifies the number as a potential target for additional spam calls. Scammers can even record voice responses and use the recordings later for voice-automated phone menus.

  • Verify the caller’s identity by calling the company back at the online official number. Consumers should never use a phone's callback function to verify whether a call is legitimate or a scam. Instead, they can call the company associated with the call at the official company public phone number.

What can businesses do about vishing?

The FTC has taken steps to reduce the impact of spoofing on consumers by implementing the STIR/SHAKEN framework. However, this framework only reveals illegal call spoofing. It does not stop or reduce the number of times that spoofing occurs, so it should not be the only thing businesses rely on to protect themselves from the effects of vishing.

Businesses can incorporate Hiya’s Branded Call into their communication with consumers to demonstrate trustworthiness to consumers. With Hiya’s Branded Call, companies can display their name, logo, and call reason on the screen of the call recipient. This transparency signals that the call is from a trusted source and is not a scam. With improved trust between consumers and businesses, you can have productive conversations with your customers again.

Learn more about 4 Steps to Minimize Fraud & Maximize Security in Your Voice Channel to start protecting your company and customers from vishing attacks today!

Author Hiya Team