Vishing, also known as voice phishing, is a type of attack in which criminals use phone calls or voicemail messages to try to get your personal information or money. It is a growing threat, with criminals taking advantage of the public’s lack of understanding about how vishing works. 

What Is Vishing?

Vishing is a type of social engineering attack in which criminals use phone calls or voicemail messages to try to access your personal or financial information. It works by using social engineering tactics to manipulate victims into revealing personal information or transferring money. It is often used in combination with other types of attacks, such as phishing and smishing.

Vishing can take many forms, including spoofed caller ID numbers, fake customer service numbers, and automated or prerecorded messages. Criminals may also use text messages or email messages to direct victims to specific phone numbers.

The Scam Goes Something Like This…

Vishing attacks typically start with a phone call or voicemail message from someone who claims to be from a legitimate business, law enforcement agency, financial institution, or another organization. The caller will often use a spoofed caller ID number to make it appear as though the call is coming from a legitimate source. The caller will then ask the victim to provide personal information or ask the victim to transfer money.

In some cases, the caller may ask the victim to provide payment information, such as credit card numbers, to complete a purchase. The caller may also ask the victim to provide access to bank accounts or other financial accounts. The caller may also ask the victim to download a malicious software program, which can then be used to gain access to the victim’s computer or mobile device.

Red Flags

Vishing attacks can be difficult to spot, as the caller may appear to be from a legitimate organization. However, there are some warning signs that can help you identify a vishing attack. One of the most common signs of a vishing attack is a request for personal information, such as bank account numbers, social security numbers, or credit card numbers. The caller may also ask for access to online accounts, such as email or social media accounts. A legitimate organization will not ask you for this information, especially not over the phone. 

The caller may also ask you to download a software program or ask you to transfer money to an account. If the caller is asking for any of these things, it is likely a vishing attack. Another sign of a vishing attack is a sense of urgency. The caller may try to rush you into providing information or transferring money or may try to make you feel guilty for not doing so. Finally, you should be wary of any caller who refuses to provide information about their identity or the organization they are calling from. A legitimate organization will be willing to provide this information.

How To Protect Yourself From Vishing Attacks

The best way to protect yourself from vishing attacks is to be aware of how they work. It is important to recognize the warning signs of a vishing attack and to be skeptical of any caller who is asking for personal or financial information. You should also be careful when downloading software or applications. Only download software or applications from reputable sources, and make sure to read the user agreement before downloading.

It is also important to be aware of your online security. Make sure to use strong passwords for all of your online accounts, and make sure to enable two-factor authentication if it is available. Finally, you should never provide personal information or transfer money to anyone over the phone. If you receive a call from someone asking for personal information or money, hang up and contact the organization directly to verify the request.

Vishing vs. Phishing

Vishing and phishing are similar in that they both rely on social engineering tactics to manipulate victims. However, there are some key differences between the two. The main difference is that vishing is done over the phone while phishing is done via email. These attacks are also more difficult to detect than phishing, as it can be much more difficult to verify the identity of the caller. Finally, vishing attacks can be much more difficult to defend against than phishing attacks. While phishing attacks can be blocked by email filters or other security measures, these attacks must be manually identified and blocked each time.

How To Report A Vishing Scam

If you suspect that you have been the victim of a vishing attack, you should report it to the appropriate authorities. You can report the attack to your local police department or to the IC3. You should also contact your bank or credit card company to inform them of the attack and to protect your finances. If you have provided any personal or financial information, you should consider changing your passwords and alerting any affected organizations.


Vishing is a growing threat, with criminals taking advantage of the public’s lack of understanding of how vishing works. To protect yourself from this type of attack, it is important to have an understanding of what vishing is, how it works, the differences between vishing and phishing, how to spot a vishing attack, and steps to protect yourself from vishing attacks. By following the steps outlined here, you can help protect yourself from vishing attacks and keep your personal and financial information safe.

Wanted: The Truth

Active Intel Investigations is here to help you with every aspect of your investigation, from conducting the investigation to preparing evidence to provide it in court.

Get started with your investigation, browse our video library for investigative resources, or schedule a no-obligation consultation with a licensed private investigator to discuss the specifics of your case.

active intel investigative research services