Vishing (voice phishing/phonographic fraud) is a type of fraud or social engineering attack that uses the telephone system to acquire sensitive information such as usernames, passwords, and other personal information. In a vishing attack, the victim’s phone rings and an automated voice asks them to verify personal information or ask them to enter it into their telephone keypad. The criminals then use the information they have gathered to access private accounts, steal money or perform other criminal activities.
In most cases, vishing attacks are initiated by email or text message. These messages may instruct the user to call a number and provide customer support representatives with their account or credit card numbers. In some cases, automated voice messages are used. The message attempts to convince the user that their account is at risk and prompts them to call a customer support number and provide personal information. Once the information is provided, the criminals can use the data to access bank and other financial accounts.
The methods attackers may use to initiate a vishing attack are often difficult to detect. Attackers may use techniques such as spoofing caller IDs or using text-to-voice services to disguise their identity. It is also common for attackers to use visual cues such as logos and website addresses to convince victims that the contact is legitimate.
Vishing attacks are difficult to detect and prevent. It has become increasingly difficult to tell legitimate customer support calls from malicious ones. To protect yourself, it is important to be aware of potential signs of a vishing attack and verify all customer service contacts before providing any personal information.