Vishing
What is Vishing?
Vishing (short for “voice phishing”) is a type of social engineering attack where scammers use phone calls or voice messages to trick people into revealing sensitive information, such as passwords, credit card numbers, or account details. Unlike smishing or email phishing, vishing relies on the psychological power of human conversation—exploiting trust, urgency, and authority to lower a victim’s defenses. These scams often spoof legitimate phone numbers and impersonate banks, government agencies, or tech support to make the call seem credible.
The Basic Idea
I’ve been spending a lot of time with my grandmother lately, and while she has certainly taught me a lot about many things, I’ve also been able to teach her about some of the many technologies she didn’t grow up with. A few weeks ago, she got a call from an unknown number and answered it in front of me. As usual, she had the speaker on, so I was able to listen in on the entire conversation.
The voice on the other end of the phone told her that they were from the Social Security office and there was an issue with her paperwork. Confused, my grandma asked what the issue was, and the voice told her they’d need to collect some more information from her before they could send her the check she was expecting. Although my grandma knew enough to hesitate before giving out her personal details over the phone, I was still glad I was there to intervene and have another conversation with her about what exactly was going on with these spam calls.
The call, of course, was fraudulent, and this was a small gateway to the world of vishing, a mash-up of “voice” and “phishing.” The term describes a cybercrime tactic where attackers use phone calls or voice messages to trick people into revealing sensitive information or transferring money. Vishing isn’t just about faking a voice, it’s a form of social engineering, meaning it exploits human psychology, including trust in authority figures, fear of loss, and urgency bias, rather than technical vulnerabilities. Like phishing emails or smishing texts, vishing calls often mimic legitimate institutions, such as banks, government agencies, or tech companies, to manipulate recipients into quick, emotion-driven decisions.
Unfortunately, vishing scams are on the rise as fraudsters take advantage of voice technology, spoofed caller IDs, and even AI-generated voices to make their schemes more convincing. Unlike email spam filters or SMS blocking tools, there’s no firewall between you and a persuasive-sounding scammer on the other end of the line. A well-crafted vishing call can bypass skepticism even in tech-savvy users, especially if it aligns with something they’re already expecting like a payment confirmation, a service interruption, or an account verification request. Combating vishing isn’t just about better technology; it’s about cultivating a moment of hesitation in our own minds, strengthening digital literacy, and holding telecoms and regulators accountable for creating a safer voice communication ecosystem.
The online world is just the reflection of the real world. We have good people and bad people in both places.
― Mikko Hyppönen, Chief Research Officer at F-Secure Corporation
About the Author
Annika Steele
Annika completed her Masters at the London School of Economics in an interdisciplinary program combining behavioral science, behavioral economics, social psychology, and sustainability. Professionally, she’s applied data-driven insights in project management, consulting, data analytics, and policy proposal. Passionate about the power of psychology to influence an array of social systems, her research has looked at reproductive health, animal welfare, and perfectionism in female distance runners.
