Entersekt | Encyclopedia | Vishing
What is vishing?

Vishing is a type of social engineering attack where fraudsters target consumers over the phone and trick them into revealing personal information like their banking login credentials or a one-time PIN.

How do vishing scams work?

Since vishing is a type of phishing, it operates on the same basis, but with a slight difference — using the fraudster’s voice to manipulate victims. Fraudsters impersonate trusted personas such as officials from the bank, a government agency, or even a colleague, aiming to garner sensitive information. As fraudsters leverage AI more and more, it has led to audio deepfakes that can sound exactly like the person they’re impersonating.

How FIs can protect customers from vishing attacks

Vishing attacks not only erode customer trust and damage an FI’s reputation, but they can also lead to major financial losses and regulatory penalties. Here’s what providers can do to protect their customers.

Firstly, focus on employee education to ensure all staff members are trained to recognize vishing attempts.

Next, invest in modern security technology that assesses fraud risks in real-time. Multi-factor authentication adds an extra layer of protection against social engineering scams as it relies on more than one factor, such as passwords, to verify the customer’s identity.

Another way FIs can reduce the prevalence of these attacks is by sharing data with the broader fraud prevention ecosystem, helping all stakeholders to stay informed about emerging vishing trends and share best practices to innovate stronger defenses against these attacks.

What’s the difference between vishing, smishing, and phishing?

Vishing is an example of phishing where the fraudster gathers information about their victim via a phone call. Smishing is also a type of phishing attack, where the fraudster gets a consumer to click on a malicious link in a text message, directing them to fake website. Phishing is a broader sub-category of social engineering, which includes phishing attacks like vishing and smishing.

Additional resources:


Vishing | Social engineering fraud | Phishing