Editorial Note: We earn a commission from partner links on Forbes Advisor. Commissions do not affect our editors’ opinions or evaluations.
We’ve all been there: Your cellphone rings with a call from an unknown number. You hesitate. The area code is local, so it might be your doctor’s office or the new business associate you were expecting to hear from.
So you answer, only to be greeted by someone claiming your car warranty is expiring or you’ve inherited some money. The caller says they just need to collect your banking details to send you the funds.
But don’t give out the information, because it’s very likely the caller is a fraudster.
The New Realities of Vishing: Voice Phishing
With robocalls, telemarketers and full-on cybercriminals all trying to reach you, answering the phone has become quite a risk. Today’s phone-based fraud—called voice phishing, or “vishing”—uses manipulative tactics to get victims to reveal private information that can be used for digital theft.
The prevalence of these schemes is at an all-time high, according to the quarterly threat trends and intelligence report from PhishLabs and Agari by Fortra, where I work as senior fellow for threat research. The research found vishing cases skyrocketed by 550% from early 2021 to early 2022.
How Vishing Starts
How does a scam artist get your number? The short answer: It’s hard to know. Given all the data breaches in recent years, contact details, login credentials and a plethora of other sensitive information can be purchased easily on the dark web.
Vishing scammers may be looking to supplement the information they already have with any new details they can trick you into sharing, like your Social Security number, usernames and passwords, debit card PIN, one-time login codes and more.
Vishing can be part of a multipronged, blended approach. The swindle could start with a phishing email or SMS text message (“smishing”), then direct you to a spoofed website that fools you into thinking you’re dealing with your bank or another familiar company.
Each element of these scams is designed to con you out of your hard-earned cash. Remember that caller IDs can be spoofed, and it’s easy for anyone to get a Google Voice phone number that looks local.
8 Vishing Scams That Can Steal Your Money
Here are eight categories of common vishing scams, with examples of how they work.
1. Tech Support
You get a call that your computer’s virus protection is about to auto-renew for $400. Whether you want to renew or cancel, the caller says they need to verify the credit card on file, your address and maybe even your Social Security number.
2. Computer Virus
Out of the blue, your computer screen is taken over by an urgent alert that a virus has infected and disabled the machine. You’re told to call a number to correct the problem. The scammers are trying to con you into providing access to your computer so they can install spyware and collect additional information. (But if you just reboot, the warning should go away.)
3. Voicemail Attachment
You receive an email sent to your work account with an attached voicemail. If you click to try to hear it, you may inadvertently give the scammer access to your corporate login credentials.
4. Advanced Fee Fraud
A caller from a “bank” says you’ve got an inheritance to claim. They just need you to make a small payment to cover the notary who will release the funds. But there’s no windfall for you, just an opportunity to lose whatever money you turn over.
5. Gift Cards
Your “boss” leaves a voicemail asking you to buy gift cards for your team. You’re told to text an image of the options from the store to show what’s available, then buy the cards and text back the numbers and codes.
6. Prize Wins
You get a call that it’s your lucky day—you’ve won a prize! You can collect it once you confirm your payment details: bank account number, address, date of birth, Social Security number and so on. If you provide that personal information, the scammers will be the ones hitting the jackpot.
7. IRS Alerts
A caller supposedly from the IRS says there’s been some sort of legal action involving your Social Security number, and they’ll send agents to your home unless you provide money to correct it. This vishing scam is especially popular during tax season.
8. Area Code-Based Scams
Scammers know people are more likely to answer a call from their own area code. In the San Francisco Bay area, as an example, scammers target first-generation Chinese residents with voicemails purportedly from local immigration officials. The fraudsters threaten to arrest their victims if they don’t call back and provide details about their residency.
Legislation and Rules Combat Caller ID Spoofing
Many of these ploys use caller ID spoofing, which allows a scammer or robocaller to display the name of a local business or government agency on caller ID. A 2009 law, called the Truth in Caller ID Act, makes this practice illegal in most cases, but it has been far from a remedy.
Likewise, protocols using the colorful acronyms STIR and SHAKEN were developed in hopes of stopping caller ID spoofing on public telephone networks.
How To Protect Yourself From Vishing Scams
Many perpetrators have moved from mail-based scams to hard-to-trace phone rip-offs to avoid steep federal penalties for mail fraud. These tips can help you avoid the landmines:
- Don’t pick up a call from a number you don’t recognize. This can be tricky if your personal and work phone are the same. But whenever possible, let the call go to voicemail. Also, don’t be tempted to answer if a caller immediately calls back to make you think the matter is urgent.
- Never send money based on an unexpected call. Be particularly suspicious of any party asking for payment in cryptocurrency, gift cards, Zelle or a Western Union money transfer.
- Verify through another channel. For any inbound request for information, hang up, find the organization’s phone number on your own (maybe from the back of your insurance, banking or credit card), and call back to see if someone is legitimately trying to contact you.
- Tap into your intuition. The FBI and Microsoft aren’t going to phone about a virus on your computer. If your spidey senses are tingling, there’s probably a reason.
- Implement spam blocking. Telecom providers and consumer apps can help block or flag numbers likely to generate spam calls. There’s also the government’s Do Not Call Registry, which can help you avoid telemarketers, though scammers aren’t likely to play by the rules. But registering could keep you off some phone lists used by fraudsters.
- File a complaint. Contact the Federal Communications Commission if you receive calls that seem fraudulent, and alert the FBI’s Internet Crime Complaint Center if you incur a financial loss related to vishing.
Find the Best Identity Theft Protection Services of 2022