Vishing (voice phishing) is a type of social engineering attack where scammers use phone calls to trick people into giving up sensitive information, approving access, or taking actions that compromise security. Because phone calls feel personal and urgent, vishing attacks are often very convincing.
This guide explains how vishing works, how to recognize it, and how to protect yourself.

What is Vishing?
Vishing is a cyber scam carried out over the phone or voicemail. Attackers pose as trusted individuals or organizations to manipulate victims into sharing information or performing actions. Scammers may pretend to be:
- Your IT provider or help desk
- Microsoft, Apple, or another technology company
- Your bank or credit card provider
- A government agency
- A coworker, manager, or vendor

Why This Matters
A successful vishing attack can:
- Lead to stolen passwords or MFA codes
- Allow attackers to reset accounts or gain remote access
- Result in unauthorized financial transactions
- Be used as a stepping stone for larger attacks

Common Types of Vishing Attacks

1. Fake IT or Tech Support Calls
Scammers claim to be from:
- Microsoft or a software vendor
- Your internal IT department
- Your managed service provider
They may say:
- “There is suspicious activity on your computer”
- “Your account has been compromised”
- “We need to fix something urgently”
Their goal is to:
- Get you to share passwords or MFA codes
- Convince you to install remote access software
- Walk you through “fixing” an issue they invented

2. Bank or Financial Scams
Callers may claim:
- Fraud was detected on your account
- A payment or charge needs immediate verification
- Your account will be frozen without action
They may ask you to:
- Confirm account details
- Approve a transaction
- Provide verification codes

3. Impersonation Calls
Attackers may pretend to be:
- A coworker or manager
- A vendor or supplier
- Someone “new” who urgently needs help

4. Voicemail Callbacks
You may receive a voicemail stating:
- “This is urgent, please call back immediately”
- “Suspicious activity detected”
- “Your account is at risk”
Warning Signs of a Vishing Attempt
Be cautious if a caller:
- Creates urgency or panic
- Pressures you to act immediately
- Asks for passwords, MFA codes, or login approvals
- Requests remote access to your device
- Discourages you from verifying their identity
- Uses vague or threatening language

How to Protect Yourself

1. Never Share Credentials or Codes
No legitimate company or IT provider will ever ask for:
- Your password
- One-time passcodes
- MFA approval numbers

2. Do Not Trust Caller ID
Caller ID can be spoofed. A call that appears to come from a trusted number may still be fraudulent.

3. Verify Independently
If a call claims to be urgent:
- Hang up politely
- Contact the organization using a known, trusted number
- Verify through management or your IT provider

4. Slow Down
Attackers rely on rushed decisions. Take a moment to think before responding.

What To Do

What to Do If You Suspect Vishing
If you receive a suspicious phone call:
- Do not provide any information
- Hang up the call
- Report it to your IT provider or manager

What to Do If You Shared Information
If you believe you may have:
- Provided information
- Approved an MFA request
- Installed software
- Followed instructions from a caller
Then:
- Stop the interaction
- Contact your IT provider right away
- Do not attempt to resolve the issue yourself

Quick Checklist
Before responding to any unexpected phone call, ask yourself:
- Was I expecting this call?
- Is the caller pressuring me to act quickly?
- Are they asking for credentials or codes?
- Have I independently verified who they are?
Remember
You are never required to help someone over the phone without verification.
If you are ever unsure, contact UNI Data Inc. for assistance.

