Voice phishing, or “vishing”, is a tactic used by scammers to try to defraud consumers over the phone. Typically, vishing scams employ robocalls to try to deceive consumers and acquire sensitive information or payment.
What is Vishing?
Vishing is a melding of the words phishing and voice. Phishing uses deceptive tactics to get consumers to reveal sensitive information. Vishers, or those who use vishing tactics, do so over a VoIP line rather than through a phisher’s normal lines of communication, such as email, SMS, or a fake website.
Impersonating people or legitimate businesses for the sole purpose of obtaining this information is nothing new. Vishing is simply the newest form it’s taken. Actually, vishing has been a thing for nearly as long as VoIP has been a service.
Vishing uses scare tactics and manipulation to obtain confidential information. Vishers go so far as stealing phone numbers through caller ID spoofing, which makes their calls look legitimate. Vishing’s goal is simple – steal a consumer’s money, their identity, or both.
What is the difference between phishing and vishing?
While phishing scams come from a variety of sources including email, websites, SMS and calls, vishing pertains to just the call aspect of phishing scams, which is why it is aptly named voice phishing. Vishing typically employs spoofed caller IDs from legitimate organizations. Most people don’t know that caller ID spoofing even exists, so when a bank or law enforcement agency appears on a phone’s caller ID, the call is more likely to be answered.
Types of Common Vishing Scams
There are many forms of vishing scams. One form of vishing targets bank or credit card accounts. For instance, have you ever received a phone call stating:
We regret to inform you your account with us has been compromised. Please press “1” so we can guide you through resetting your password.
This type of vishing scammer hopes you’ll panic the moment you hear the message. They’ll expect you to react immediately to verify sensitive information. However, caller ID spoofing only works for outbound calls. If a consumer calls back the spoofed number, the call will be received by the actual owner of the phone number.
Another example is the call that tells you you’ve won something or notifies you of a freebie you’re entitled to. But, to take ownership, you must pay shipping charges. Yet another example is the phone call for a free cruise or vacation. In order to claim it, though, you must pay redemption fees. This is where they get you: they want your credit card details.
Caller ID Spoofing
Spoofing caller IDs is one of the most common tools scammers use when vishing. Not only does this mask who’s actually calling, but it also allows them to appear to a consumer as a credible business or organization. Unfortunately, caller ID spoofing is incredibly easy to do, difficult to prevent, and effective. While legislation is in place to help combat this, its deployment has been slow to protect consumers.
While technically not considered vishing, many of the same actors using caller ID spoofing employ SMS spoofing to send out spam texts. Much like with caller ID spoofing, scammers are able to send text messages from spoofed phone numbers or email addresses to mobile phones. These often masquerade as legitimate businesses asking for consumer verification of, or an update to, their account information.
Other common scams include:
- Card Services
- Debt Collection
- Gift Card Offers
- Medical Alerts
- Technical Support
How Do Vishing Scams Affect Businesses?
Who are the usual targets of vishing?
While consumers are the primary targets of vishing scams, businesses often get caught up in these scams as well. Targeting businesses is less common, but there are fallout effects for businesses, too, from caller ID spoofing.
Scam-wary consumers quickly block suspicious numbers with call blocking apps. If the number being blocked is spoofed from a legitimate business, this can hurt the reputation of the business. Outbound calls may display as “scam likely” or “spam risk”, making it harder to reach your customers or patients.
That said, it’s no reason for paranoia. But it does pay to be vigilant. These are some specific ways you can avoid becoming a victim of vishing:
- Be wary and aware
- Don’t succumb to pressure over the telephone, via email, or other means
- Don’t answer calls from numbers you don’t know
How Can a Business Maintain Its Reputation?
While caller ID spoofing is nearly impossible to prevent at the moment, businesses can remain vigilant and actively monitor their outbound numbers for flags. Switching out outbound phone numbers that have been erroneously flagged is a good tactic to maintain your business’s reputation. Other ways you can stay on top of your business reputation include:
- Educating your employees about suspected fraudulent activity
- Never providing sensitive company info over the phone
- Verifying caller identities
- Staying calm and, if you suspect your business has been targeted, reporting it to local authorities
- Remaining skeptical: your caller ID might display your bank, a charity you know, or another company you do business with, but the number could be spoofed
- Considering blacklisting numbers that call repeatedly
Monitoring your outbound phone numbers frequently is a good way to mitigate reputation fallout from potential caller ID spoofing.