Vishing combines 'voice' and 'phishing' to describe social engineering attacks conducted by telephone or VoIP. Attackers pose as bank staff, IT support, utility providers, or other trusted entities to manipulate victims into disclosing confidential data or granting system access.
Unlike email phishing, vishing exploits the human tendency to trust voice communication more readily than written messages. Attackers use caller ID spoofing to display legitimate-looking numbers, create plausible urgency ('your account will be locked'), and ask direct questions designed to extract information.
Common vishing scenarios include:
- Fake bank calls claiming fraudulent activity on your account
- IT support requests asking for passwords to 'verify' your identity
- Utility companies threatening disconnection without immediate payment
- Tax authority impersonation demanding payment details
Vishing succeeds because it feels personal and immediate. The attacker can respond to your questions, adapt their story, and create emotional pressure far more effectively than an automated email.
How to protect yourself: Never provide passwords, PINs, or payment details over unsolicited calls. Hang up and ring the organisation back using a publicly listed number. Legitimate companies rarely ask for sensitive information by phone. Be suspicious of unexpected urgency or threats. Enable multi-factor authentication so stolen passwords alone cannot compromise accounts. If you're unsure, verify the caller's identity independently before continuing any conversation.