« Back to more Point of View stories

Answer at Your Own Risk: 5 Things to Know about Vishing

Voice phishing, or vishing, is a tactic criminals use to steal information from unsuspecting victims. Here’s what you need to know.

Calls from unknown numbers are a nuisance, and they could put you at risk if you don’t know how to handle them. Vishing (a combination of “voice” and “phishing”) is social engineering conducted over the phone, intended to persuade someone to divulge sensitive information. Vishing comes in many forms and includes robocalls, cold calls from actual humans, or even targeted calls from an informed attacker. Trevor Buxton, fraud communications manager and Certified Fraud Examiner with PNC Bank, has these five pointers to help keep you informed and safe. 

1. Don’t Answer Phone Calls from Numbers You Don’t Recognize

If an unknown number pops up on your caller ID, do not answer. Wait until it stops ringing or goes to voicemail. Answering the call and hanging up or even declining the call early, signals to the caller that there is a human being and a potential fraud target on the other end of the line. 

2. Beware of Unexpected Calls from Numbers You Know Too

Criminals can spoof the caller ID so it could appear that the call is from a person or organization you know even when it’s not. If you have any doubts, don’t answer the call, go to the organization’s website and redial the number that’s there. If they really did try to get in touch with you, they’ll recognize you when you call back. If it was a vishing call, the organization will be able to confirm that they did not try to get in touch with you.

Woman looking at her smart phone

3. There Are a Few Warning Signs That a Call May Be Vishing

Besides an unknown phone number, there are a few other warning signs that a call might be a vishing attack. Just like with phishing and SMiShing attacks, the caller likely will be conveying a sense of urgency. For example, a criminal may pretend to be from your bank, saying your account has been compromised and you must act right away. Vishers also will usually be asking for personal information, such as bank account numbers, Social Security numbers or even your home address. Be aware that sometimes the attacker will seem informed (they’ve researched your name, where you live, any kind of basic information about you) to trick you into feeling like the call is legitimate and prompting you to divulge more information. 

4. If You Answer, Keep Calm and Hang Up Without Speaking

If you do answer the phone, the moment you suspect it might be a vishing call, end the call immediately. Do not speak to or otherwise engage the caller. There are vishing schemes in which the sole purpose is to record the victim’s voice for later use in navigating voice-automated phone menus tied to the victim’s accounts. After you hang up you can report the vishing attack to the FBI’s Internet Crime Complaint Center

5. Vishing Can Peak at Certain Times of the Year

Vishing is a common form of fraud, and it happens year round. That said, there are times when vishing attacks tend to increase. Certainly there’s an uptick in fraud following a massive data breach. If your information has been compromised, you should be on the lookout for targeted attacks where the caller pretends to know you using the information that was compromised in the breach. Vishing attacks mimicking the IRS or tax prep firms ramp up around tax filing season. It’s also good to be on the lookout during election season. Unscrupulous callers pretend to be from reputable political organizations or campaigns asking you to donate money. Similarly, fraudsters will pose as charities asking you to donate with the goal of accessing your credit card information after large-scale tragedies and natural disasters. 

The bottom line when it comes to any kind of fraud is it’s better to be overly cautious. Don’t answer phone calls from unknown numbers. If you do answer and find yourself on a suspicious call, hang up without speaking and call back using the phone number listed on the organization’s website.

 

Learn more about cybersecurity at PNC.com »

Trevor Buxton
Trevor Buxton is a fraud communications manager and Certified Fraud Examiner with PNC Bank

Did you know?

Adding your name to the National Do Not Call registry does not protect you against vishing because criminals don’t follow that regulation. That only protects you from legitimate, law-abiding organizations that are not allowed to dial numbers on the list.


PNC Point of View
Real People. Real Perspective. Real Insights.
Read more POV Stories »

Important Legal Disclosures and Information

These articles are for general information purposes only and are not intended to provide legal, tax, accounting or financial advice. PNC urges its customers to do independent research and to consult with financial and legal professionals before making any financial decisions.

This site may provide reference to Internet sites as a convenience to our readers. While PNC endeavors to provide resources that are reputable and safe, we cannot be held responsible for the information, products or services obtained on such sites and will not be liable for any damages arising from your access to such sites. The content, accuracy, opinions expressed and links provided by these resources are not investigated, verified, monitored or endorsed by PNC.