What is Vishing? Examples & Ways to Avoid Voice Phishing

You get an unexpected call, and you answer reluctantly. The person on the other end speaks quickly. They say your personal information is at risk. You need to act right away to fix the problem.

They might know some basic information about you, which could put you at ease — but don’t let your guard down. These calls are often a form of voice phishing, or vishing, perpetrated by scammers who want to steal your information for financial gain.

Here’s what to know about vishing, common types of scams, how to recognize them and protect yourself and more.

What is Vishing?

Vishing attacks are different from phishing attacks. While phishing mainly uses email to steal your personal information, vishing happens over the phone. Scammers might use voice phishing to get your personal information. This includes your Social Security number, bank account and PIN.

In vishing scams, a person or robo-caller contacts you over the phone. They might claim a bad actor has accessed your personal or financial information, and that they’re going to help you address the problem. In reality, the person or robo-caller on the other end wants your personal information. They often do this for financial gain.

These scammers can be incredibly convincing, so it may be difficult to recognize that you’re on the other end of a vishing call. The perpetrator might know some basic information about you. They may have an official-sounding title or call from a number that seems real on your caller ID. Besides being convincing, fraudsters often use sophisticated techniques to trick their victims.

Examples of Vishing

Vishing attacks have cost consumers billions of dollars. The Federal Trade Commission (FTC) reported that fraud damage reached over $10 billion in 2023. Per the FTC, email is the top channel scammers use to target victims, followed by phone and text message.

Vishing scammers may pretend to be from organizations like the IRS, your bank or your employer. They might also act like a hospital or healthcare provider. For instance, you might receive an unexpected call from someone claiming to be an IRS auditor who claims you have an unpaid tax bill.

Scammers also may ask you to pay the bill right away. They might also threaten legal action if you don’t share your financial information over the phone.

Maintaining awareness and staying informed about these scams is crucial in avoiding them. By doing so, you can safeguard your identity and financial information.

Below are some examples of vishing attacks that have affected consumers.

Spectrum Health/Priority Health

In 2022, Spectrum Health warned patients about fraudsters. These scammers pretended to be Spectrum and Priority Health employees. They called people to trick them into sharing their member numbers and other private health information. Scammers then used that information to defraud patients, asking for money and access to their personal phones.

Navy Federal Credit Union

Vishing scams are also a persistent problem in the financial services industry. In 2022, Navy Federal Credit Union reported that scammers called their customers pretending to be member services representatives. The fraudsters wanted to steal account information, credit card numbers, and login details. Their goal was to take money from their victims.

Common Types of Vishing

Several types of vishing scams exist, and understanding how they work is the first step in protecting yourself. Here are some of the techniques vishing scammers may use to trick people into sharing sensitive information:

• AI-based vishing: Scammer uses AI technology to impersonate a human voice.
• Robocall: Scammer uses an automatic dialing tool and a pre-recorded script.
• VoIP: Scammers use voice-over IP technology to increase their attacks. They make it look like the call is from a real company or organization.
• Caller ID Spoofing: A scammer uses a fake number that looks real to trick targets. This is like VoIP vishing but usually happens on a smaller scale.
• Dumpster Diving: Scammer uses a person’s or company’s trash to collect personal information on potential targets.
• Tech Support Call: A scammer pretends to be a tech support worker from your company. They say there is a problem with your computer, like a hack.
• Voicemail Scam: A scammer leaves a voicemail on your phone, claiming there is an urgent problem. The message includes a callback number or a link to malware in the voice-to-text.
• Client Call: Scammer pretends to be a recent client attempting to collect payment for an invoice.

Common Vishing Scams

Scammers also use a few different methods to attempt to gain access to sensitive, personal or financial information. Common vishing scams include:

• Fixing an issue with your account: A scammer tries to trick you into thinking your bank or credit card information is unsafe. They may demand that you share your routing number, account number, PIN or other account info to rectify the problem.
• Demand for payment: Scammer poses as the IRS or a client and demands immediate payment of a bill. They may threaten you with legal action if you don’t pay quickly.
• Technical support: A scammer pretends to be a technical support worker, often from your company. Their goal is to get your employee credentials or access your work computer.
• Enrollment scams: Scammers may pretend to be from a real organization. They might ask you for personal information or money to enroll in a program.
• Collecting an award or special offer: Scammers might say you’ve won a special award, like a gift card or cash prize. They may ask you to pay a small fee to claim it.

How to Recognize Vishing Attacks

Unfortunately, scammers have become quite skilled. They plan convincing attacks and use persuasive language. This creates a sense of urgency in their victims. While some of these scams may be sophisticated, you can still recognize a vishing scam if you know what to look for.

Here are some red flags and social engineering tactics scammers may use:

• Unsolicited calls
• Unexpected requests for personal or financial information
• Urgent language
• Threats or pressure
• Poor audio quality
• Robotic-sounding audio

Ways to Avoid Vishing

If you’re concerned about falling victim to a vishing scam, there are a few things you can do to protect yourself. Most importantly, never share personal or financial information with an unsolicited caller, no matter how persistent the person on the other end of the line may be. While you can’t prevent vishing entirely, you can take steps to avoid vishing, including:

• Verifying contact information: If you receive a suspicious call from someone saying they are from your bank and asking for your personal information, hang up immediately and contact the caller using the phone number provided on your bank card or the bank's website.
• Blocking or ignoring unknown callers: Ignoring calls from unknown numbers or blocking those numbers entirely can also help you protect yourself.
• Joining ‘do not call’ registry: Consider adding your number to the Federal Trade Commission’s ‘National Do Not Call’ registry to reduce the amount of telemarketing or spam calls you receive.
• Protect your account or identity: Check your accounts regularly and consider signing up for an identity theft protection service.
• Don’t share your information: If an unsolicited or unexpected caller asks for your personal information over the phone, do not provide it.

Since vishing is a problem in the financial services industry, banks can also share educational information about common scams and techniques to help protect their customers and prevent fraud. Beyond that, providing a dedicated outlet for customers to report fraud is imperative.

It’s important to know that Seacoast Bank will never ask its customers for:

• Online banking credentials
• Full social security number
• Full debit card number (last 4 is a common identifier)
• One time numeric passcodes

Note, if a customer has a security passcode on their account, this will be requested with every call. When customers call Seacoast Bank we will ask for verifiers, such as last 4 of social security number, last 4 of driver's license or the zip code of your address.

Seacoast Bank will never ask its associates for:

• MFA codes
• Passwords
• Social security number
• Address
• Personal financial details
• Do you Bank with seacoast Bank
• Routing numbers
• Account numbers
• State/ geography they are calling from
• Marital status
• Driver’s license number

Vishing isn’t the only type of scam out there. Being aware of text, email and payment app scams is also important. Fraudsters use these channels to try and obtain personal and financial information from their targets.

To protect yourself, do not share your information, click on suspicious links or accept any unexpected payment requests. Learn more about red flags that could signify a scam.

What to Do If You Receive a Vishing Call

If you suspect you’ve received a vishing call, hang up immediately. Do not engage with the person on the phone or share any personal information.

If you are unsure, ask for verification of the caller's name and department. Then hang up and use official channels: contact your bank using the official number found on their website or your bank card.

Conclusion

Vishing has become increasingly common, and scammers have become much more sophisticated in their approaches. That said, you can take steps to protect yourself. Knowing about common vishing scams can help you protect your personal and financial information.

If you’re worried a scammer has targeted you, Seacoast can help. Learn how to report scams and fraud.