Cybercriminals don’t just lurk behind screens—they also use the phone as a powerful tool for deception. This tactic, known as vishing (short for “voice phishing”), involves using social engineering over the phone to trick individuals into revealing confidential information or taking harmful actions.
How Vishing Works
Scammers can disguise their identity by calling from blocked, “spoofed,” or private numbers. This makes it easier for them to impersonate a trusted coworker, a company executive, a government agency, or even a vendor you regularly deal with.
While it may seem harmless to confirm an employee’s job title or share an internal process, even small bits of information can help criminals piece together the details they need to compromise your organization. Names, ID numbers, and other seemingly low-risk data can be surprisingly valuable in the wrong hands.
How to Spot – and Stop – Vishing Attempts
Be cautious any time you’re asked for personal or company information over the phone—especially if you didn’t initiate the call. Before providing details:
Verify the source. If the caller claims to represent another organization, cross-check their number with the official contact listed on that organization’s website.
Check internal directories. If the caller claims to be from your own company, confirm their number using your internal contact list before sharing any information.
It’s Not Just About Work
Vishing attacks aren’t limited to corporate targets—criminals also aim to collect personal information. Avoid answering calls from numbers you don’t recognize, and never call back numbers provided in unsolicited emails, ads, or pop-ups without confirming their legitimacy.
Bottom line: If a call doesn’t feel right, trust your instincts. Pause, verify, and only proceed if you’re absolutely certain the person on the other end is who they say they are.