“Vishing” or voice-phishing, is a type of cybersecurity attack in which the perpetrator attempts to gain access to sensitive data over the phone. Scammers typically seek financial details or Social Security numbers, but passwords and other data can also be the goal. Two common examples of vishing scams include pretend calls from a bank or credit union claiming your account is compromised or the IRS claiming you owe money, and to take action immediately. Unfortunately, these attempts are successful and lead to monetary loss and identity theft.
How to Detect a Vishing Attempt
- A pre-recorded message. Many vishing calls will have an automated message claiming you’ve won a free prize or that your urgent response is required to prevent a financial penalty.
- A request for sensitive information. If someone asks for your Social Security number or other personal details, it’s a strong sign of a vishing attack
- Posing as a government official. Scammers may claim to be from a federal agency, such as the IRS, but legitimate government officials will never call, email or text to ask for money or personal information.
- Using an aggressive manner. A phone call allows scammers to catch victims off-guard more than an email or letter.
How to Combat Vishing
- Screen calls carefully. If you don’t recognize a number, let it go to voicemail.
- Be suspicious of unsolicited calls. If you suspect that a call is a vishing attack, hang up immediately. Don’t answer their questions or press any buttons.
- Never share personal data – including SSN, passwords, driver’s license or passport information, financial information.