Get your free and exclusive +30-page Authentication Analytics Whitepaper
Back to Overview

What is Vishing? - Protecting Against Voice Phishing

Understand what vishing is, how it differs from phishing, and effective strategies to protect yourself from this type of social engineering attack.

Vincent Delitz

Vincent

Created: May 17, 2024

Updated: February 13, 2026

Vishing, Short for voice-based Phishing, is a Phishing attack where attackers impersonate other persons or institutions in a phone call.

What is Vishing?#

Vishing (voice-based phishing) is a social engineering attack conducted via telephone, where attackers impersonate other persons or institutions to extract personal information. These attackers often pose as government officials, bank representatives, or tax agents to exploit the trust and authority perceived in these roles.

Using psychological manipulation, they may threaten or deceive victims into disclosing sensitive information, crucial for committing fraud or accessing financial accounts. This form of attack leverages voice communication to increase the urgency and authenticity of the threat, making it a potent variant of phishing.

  • Vishing is voice-based phishing via telephone.
  • Attackers pose as trusted authorities to extract personal data.
  • Commonly involves threats and psychological tactics to coerce action.

Understanding Vishing Attacks#
  • Mechanisms: Vishing calls may use voice-altering software and spoofed caller IDs to seem legitimate, enhancing the scam's credibility.
  • Techniques: Attackers employ tactics such as urgent voicemails or direct calls, claiming severe consequences like arrest or financial loss to elicit quick responses from victims.

Vishing vs. Phishing and Smishing#
  • Phishing: Primarily email-based, uses deceptive emails to steal data.
  • Smishing: Uses SMS texts, often leading victims to malicious websites.
  • Vishing: Involves direct voice calls, creating a more immediate and personal sense of urgency.

Prevalence and Sophistication#
  • Increasing use of deepfake technology allows vishers to clone voices convincingly, making the scams harder to detect.
  • Often combined with other tactics like smishing, enhancing the attack's effectiveness.

Vishing FAQs#

What distinguishes vishing from phishing?#

Vishing uses telephone calls as its medium, while phishing is predominantly through emails, exploiting different aspects of human psychology.

How can one identify and prevent vishing attacks?#
  • Be cautious of unsolicited calls demanding personal information.
  • Verify caller identities by contacting organizations through official channels.
  • Employ caller ID and spam filters to screen potential vishing attempts.

Why is awareness of vishing important?#

Understanding vishing helps individuals and organizations protect sensitive information and prevent financial losses.

What steps can be taken if you suspect a vishing attempt?#
  • Do not engage or provide personal information.
  • Report the incident to relevant authorities and inform your organization's security team.

See what's really happening in your passkey rollout.

Start Observing

Share this article

LinkedInTwitterFacebook

Table of Contents

Related Terms

Related Articles

invisible mfa

How Invisible MFA with Passkeys Solves the MFA Problem

Vincent - January 18, 2024

psd2 passkeys

PSD2 Passkeys: Phishing-Resistant PSD2-Compliant MFA

Vincent - February 7, 2023

passkeys cheat sheet

Passkeys Cheat Sheet for Developers

Lukas R. - March 6, 2024