What Is Voice Phishing (Vishing)? Can You Avoid It?

How Does Voice Phishing Happen?

Voice phishing, otherwise known as vishing, is a phishing attack in which scammers use calls and voicemails to pressure victims into giving up sensitive information. 

There are many variations of vishing scams, but a fraudster posing as a person or organization that you trust is a common denominator.

For a teacher in Anaheim, California, it was an imposter who claimed to help discharge student debt [*]. After the teacher provided credit, debit, and Social Security number (SSN) details, $1,200 disappeared from their account. Inevitably, the teacher became a prime target for identity theft.

Fraudsters use technology to their advantage, too — via Voice over Internet Protocol (VoIP) and auto-dialing to place thousands of robocalls every day. Other software helps scammers spoof caller IDs; and voice generators or deepfakes can mimic real people [*].

Learning the signs of voice phishing and guarding against scam calls can keep you from joining the 33% of Americans who’ve fallen victim to phone scams [*].

Examples of Voice Phishing

Knowing how vishers execute different types of scams can help you recognize and avoid them. Here are some of the most common types of vishing attacks in the United States.

One-ring phone scams

Ever hear your phone ring once and then stop? It could be a cybercriminal trying to trick you into calling them back. To make their scams more realistic, fraudsters mask the number on your caller ID or use numbers that appear to originate from local area codes.

In reality, they may be calling from places like Sierra Leone or the Dominican Republic [*]. If you call back the spam number, you’ll likely pay international calling fees — and you may be coerced into sending money or sharing personally identifiable information (PII).

Fake kidnapping calls

Across the country, parents have received harrowing vishing calls from scammers pretending to have kidnapped their children. In the background, scammers play recordings of artificial intelligence (AI)-generated voices (sometimes even in a native language), making such calls seem real [*]. 

Willing to go to any length to protect their children, parents pay ransoms through payment apps such as Zelle or Venmo.

In other variations of the scam, fraudsters impersonate security guards or police officers. In Oregon, a father received a phone call from “campus police,” explaining that his son, a tight-end for OSU’s football team, was in custody for being drunk and disorderly after a game [*]. 

The father was told that he needed to pay hundreds of dollars to keep this news from being leaked to the media.

Grandparent scams

In grandparent scams, grifters pose as close family members who are, ostensibly, in danger. They use data they can find online, like family members’ names, job titles, and areas of residence, to make their stories airtight.

Some even use AI to imitate a family member’s voice. In Newfoundland, Canada, eight seniors fell victim to AI-based vishing scams in a span of three days [*]. Imposters sounded just like the victims’ family members, persuading them to pay sums exceeding $20,000 per scam.

🛟 Related: The Best Identity Theft Protection for Seniors →

“Can you hear me?” scam calls

In another vishing scam, swindlers start a phone call by asking if you can hear them [*]. When you say yes, they know that you’ve taken their bait.

From there, they can go full bore into a scam story, sell your active number to other telemarketers, or record your voice and use it to authorize charges to your credit card.

Extended warranty scams

Fraudsters also pose as customer service representatives or car dealers. They may claim that you qualify for an extended warranty on one of your devices or your car — in exchange for some personal information to activate it.

Warranty scams culminate with con artists collecting your name, address, SSN, and credit card numbers. Kole Consulting Group ran a warranty scam like this for years, promising consumers “bumper-to-bumper” policies [*].

After five years, The Federal Trade Commission (FTC) finally clamped down. Five defendants were banned from any telemarketing activity and determined liable for a monetary judgment of $6.6 million [*].‍

🛟 Related: Car Buying Scams: What to Know Before You Buy a New Vehicle →

Bank impersonators

Fake fraud warnings coax victims into wiring thousands of dollars to “safe” accounts. According to the FTC, bank impersonation scams accounted for $330 million in consumer losses in 2022 [*].

For a 23-year-old woman in Colorado, falling for a bank scam meant losing her entire life savings [*]. Posing as a Chase Bank service representative, a scammer insisted that there had been fraudulent activity on the woman’s account.

Before panicking, the victim verified that the caller’s number matched the number on the back of her card; it had been spoofed.

Unknowingly, she complied with the scammer’s demands, wiring money to an account that the caller said was protected. In just a matter of minutes, $18,000 had vanished.

🛟 Related: Check Deposit Scams: Are You Liable for a Bad Check? →

Amazon fraud department scams

Amazon vishing scams work a lot like bank impersonation scams. Crooks call by pretending to be Amazon customer service and warn you of an account hack.

To remove the supposed fraudulent charge, you are required to provide your credit card and account details. 

The Better Business Bureau (BBB) warns that some scammers will even guide you through the process of locking down your account by using screen sharing software [*]. In stealth, they take over your device or install spyware along the way.

Tech support phone scams

In July 2023, the FBI issued a public service announcement about the rise in tech support scams that target older adults [*]. 

These scams begin when a fraudster calls, text messages, or emails a victim and impersonates Best Buy, Apple, Microsoft, or another big box electronic store. 

The fraudster explains that the victim’s device has been infected with malware — and offers assistance to fix it. Should victims comply, they’re asked to download a remote access app. At that point, scammers steal passwords, sensitive files, and account numbers from the victim’s computer.

Social Security and Medicare scam calls

In 2021, the Federal Communications Commission (FCC) implemented STIR/SHAKEN protocols to verify a user’s caller ID [*].

While there has been a noticeable dip in the volume of spam calls, thieves now pursue Medicare and Social Security scams. These bigger scams reel in higher dollar amounts in comparison to other voice phishing scams.

Fraudsters use caller ID spoofing to simulate Medicare hotline numbers, displaying as “1-800-MEDICARE” on people’s caller IDs. 

The end goal is to rack up Medicare charges and steal the victim’s identity. Social Security scams operate in a similar fashion. 

Scammers pretend to be officials from the Social Security Administration (SSA) and caution seniors about a SSN suspension. They then prise a hefty fee to remove said suspension. Based on official reports from 2022, victims of government imposter scams lost nearly $509 million [*].

🛟 Related: How To Prevent Medical Identity Theft: Can You Stop It? →

IRS phone scams

Receiving a call from the IRS is enough to unnerve just about anyone. Scammers prey on a victim’s anxiety, impersonating IRS agents and pushing the victim to pay bogus fines or surrender personal details.

In the past, scammers would show up unannounced at people’s houses purporting to be IRS agents; the agency ended surprise in-person visits as a result [*].

Loans, debt relief, and credit repair calls

Credit repair scams are designed to target victims with apparent credit problems. Scammers call with a timely offer to fix the victim’s credit. In return, they ask for a deposit every month and/or steal financial information.

Soon after falling victim to a scam that ruined her credit, a woman in Colorado Springs was duped by another fraudulent scheme [*].

A credit repair company promised to increase her credit scores for $400 a month over a few years. She later discovered that not only had her credit deteriorated further, but she was also out nearly $10,000.

Fake prize and sweepstakes scams

Scammers are well aware that few things are as enticing as winning the lottery. That's why they call posing as representatives of lotteries or contests — leading you to believe that you've hit the jackpot.

In February 2023, an elderly woman in Knoxville was told that she’d won the international Mega Millions jackpot [*]. 

But instead of taking home her $187 million winnings, she lost almost $200,000 in pre-paid debit and gift cards to a scammer. Ironically, he’d convinced her to pay monthly insurance payments meant to protect against fraud.

🛟 Related: 12 Scams Targeting Seniors & How To Protect Your Loved Ones →

7 Ways to Identify Vishing (and Other Phone Scams)

Vishing scams wouldn’t work if they were easy to spot. Below are seven warning signs to look out for so you don’t get duped:

1. The scheme is based on current events. Scammers had a field day during the COVID-19 pandemic, handing out fake pandemic stimulus checks or Employee Retention Credits for a fee [*]. Luring victims with aggressive and timely marketing renders them to be more likely to give up money or account information.
2. The caller claims to be from a government agency. You should get one or more written notices in the mail before a legitimate agency ever contacts you by phone. Hang up and call an official phone number to verify any unexpected requests. 
3. The caller ID displays a local area code. Just because an area code is local doesn’t mean it’s a local caller. The number could be spoofed. Americans were warned to avoid answering calls from these high-risk domestic and international area codes [*]. 
4. Too-good-to-be-true deals. Chances are high that you haven’t won a lottery or free laptop if you haven’t entered a contest. Beware of prizes that need to be claimed immediately or loans that offer unusually low interest rates.
5. The caller avoids your questions. Scammers are circumspect in their narrative, especially if you question them. They use ambiguous explanations and apply pressure to make you act recklessly. Some even play pre-recorded messages that bulldoze your questions.
6. They ask for personal information. Banks, lenders, or companies such as Amazon know not to ask for personal information over the phone. If required, they can access your account information from their workstations. Never reveal your SSN, account numbers, passwords, or any other information that may be used to bypass your account security.
7. You hear silence on the other end. If you answer the phone and no one responds for several seconds, you’re being connected to a scammer [*]. Automated call systems can take a while to establish a connection, especially if the scammer is located overseas. Don’t follow instructions to speak with a representative unless you’ve dialed a 1-800 number yourself.

What To Do If You’ve Been Targeted

Scammers can get your phone number from data broker lists, social media sites, or data breaches. Once you answer a scammer’s call, they may continue calling you (even if you hang up).

If you believe you’re being targeted by a phone scammer, you should:

• Set a password for your voicemail. Otherwise, fraudsters can spoof your phone number and muscle their way into your voicemail.
• Secure online accounts. If scammers have your phone number, they could use it to access your social media accounts, email, or even your bank account. By using unique and complex passwords and changing them frequently, you can prevent an account takeover. Multi-factor authentication (MFA) also provides a layer of biometric or cryptographic security that can keep scammers out — even if they guess your password.
• Activate spam blocking features. If your iPhone is updated to iOS 13 and later, you can automatically silence calls from unknown numbers. Toggle on Silence unknown callers in your iPhone settings. On Android devices, turn on Filter spam calls under Caller ID & Spam Protection. You can also contact your carrier about extra protection, or download third-party call blocking apps like Robokiller and Nomorobo that stop unwanted calls for a monthly fee.
• Use an AI-driven spam blocker. AI-powered call assistants automatically scan incoming calls and texts for telltale signs of scams: a sense of urgency, malware, and suspicious links. Legitimate calls are directed to you, while scam calls are sent straight to voicemail.
• Add your number to the National Do Not Call Registry. Doing so will decrease the number of sales calls you’ll get. Keep in mind that this won’t stop scammers who already have your number from calling you, nor will it block political groups, surveyors, or charities.
• Remove your number from broker lists. Data brokers collect and sell your information (including your phone number) to marketing agencies and other organizations. And sometimes, data broker lists find their way onto the Dark Web. Identity Guard offers opt-out services on your behalf.

How To Report Vishing

Earlier this year, the FTC passed a new law to crack down on illegal telemarketing calls [*]. Operation Stop Scam Calls combats illegal robocalls and data brokers that unlawfully harvest consumer contact information.

To report vishing scammers, take the following steps:

• Notify financial institutions and safeguard your accounts. Your banks can help you close affected accounts and try to get your money back. If you open a new account, don’t reuse an old password or PIN. Next, contact one of the three major credit bureaus — Equifax, Experian, and TransUnion — to add a fraud alert to your credit report.
• Contact local law enforcement. Filing a police report will legitimize your case when trying to recover any stolen funds. Also file a complaint with the FBI’s Internet Crime Complaint Center (IC3). Collective reports from multiple victims can help law enforcement track down the scammer.
• Report identity theft scams. If your Social Security number was stolen, report the scam to the SSA’s Office of the Inspector General (OIG) at oig.ssa.gov. If you suspect that your PII is at risk, notify the FTC at ftc.gov.

Keeping scammers at bay is a 24/7 job. That’s why over 38 million people use Identity Guard’s always-on credit monitoring and financial account protection services. Receive fast fraud alerts, monitor the Dark Web, and utilize Safe Browsing tools to keep your identity safe.

Scammers have free roam of the phone network. Identity Guard can help →