Top 5 Vishing Attacks and How to Avoid Them

Written by Sam Jones
Nov 23, 2021 - 5 minute read

Find out about 5 common vishing attacks and how to make sure you don’t get caught out by them.

While phishing may now be a term that’s commonplace, talking about vishing can still raise a few eyebrows, despite the fact that vishing scams have been around for ages. 


Vishing or ‘voice phishing’ refers to a social engineering technique where hackers will target you over the phone, in an attempt to acquire sensitive or financial information or even get you to download malware onto your computer. 


It can be used in conjunction with other social engineering attacks like smishing or phishing to widen the attack surface.


But how do vishing hackers lure you in? What should you be keeping an eye - or ear - out for?


Read on to learn about 5 common vishing attacks and how to make sure you don’t get caught out by them.


Banks and financial institutions


Scammers will often pose as your bank or credit card provider to tell you that there’s an issue with your account and payment details need to be updated. 


They may also tell you that your money is at risk in some way because this can help to spark urgent action and get you to hand over the details they need - namely, your account details or perhaps your PIN. 


It’s important to be aware that banks will never ask for these details over the phone. You can’t rely on caller ID either, as clever number spoofing technology can make it appear that the call is legitimately coming from your bank. 


This vishing attack is a very popular one, and it works. Reports show that banking customers lost around £58m to these vishing scams in 2020.


HMRC scams


Most of us will at least know someone who has had a call claiming to be from HMRC, with the caller saying either that a lawsuit is being filed against you or that you are due a tax refund but they need you to confirm some details.


Understandably, hearing the word ‘lawsuit’ tends to make you panic and be more likely to comply with whatever you’re being told needs to happen to fix the situation. 


Hackers also particularly like to target old or vulnerable people, as they are less likely to realise that it is a scam.


The best thing to do when you receive these calls is to hang up straight away and report the situation to Action Fraud. Sharing details of the call like the number it came from can help the experts investigate and shut down these scammers. 


Computer repairs and improvements 


Another common vishing scam involves a call claiming to be from a well-known IT or tech company, like Microsoft, saying that your computer has been affected by a virus.


They may give you specific instructions to fix it, which could involve them sending you some software to download, or sending you to a fake site to download it. Spoiler: they’re probably trying to get you to install malware on your system. They may then get you to tweak specific settings, which actually makes your computer even more vulnerable to further hacking.


With these kinds of vishing calls, the caller may use lots of technical jargon to confuse you but make you think they must know what they’re talking about. Legitimate tech companies will never contact people in this way though, and never get you to install software they send you!


Advance fee fraud


This type of vishing scam can involve lots of different kinds of situations, but generally, they will involve being asked to pay a large upfront fee for goods or services that, of course, never actually materialise. 


The promise of a PPI refund is one type of advance fee fraud. You may be called out of the blue by an apparently authoritative body, for example, the FCA, and be told that you are due a PPI refund. However, to release the funds, you must first make a payment.

They may ask that this payment be made via a voucher or a money transfer company to avoid the payments being traced. This should always be a big red flag.


If it’s a claims company, you can check if they are authorised on the Financial Services Register.


Other advance fee fraud may include rental fraud, where you're asked to pay an upfront fee for a non-existent property, loan scams, where a fee is needed to cover the insurance for a (fake) loan, or even pretend lottery winnings, where payments and personal information are required to release your winnings. 


Always be wary of companies asking you to make payments over the phone. It’s best to hang up and directly contact the company yourself to check the legitimacy of the call. If it is a vishing scam, report it to Action Fraud.


Healthcare vishing scams

These vishing scammers might claim to be your GP surgery, or a representative from the NHS, Public Health England (PHE) or the World Health Organisation (WHO). 


During the pandemic, there was a big increase in COVID-related vishing attempts, often involving offers of a free test or treatment.


If it is a recorded voice message, it may ask you to press a number on your dial pad, but be warned, this could connect you to a very costly premium number. Alternatively, speaking to an operator may lead to you divulging private information or banking details.


Other medical-related vishing scams may promise cures to certain ailments or medication without needing a prescription. It’s always advised to speak with your GP or pharmacist before taking any kind of action - if it sounds too good to be true, it probably is!

Avoiding vishing scams


Unfortunately, with phone numbers being so readily available to hackers nowadays, it’s hard to completely avoid being targeted by a vishing scam, but there are things you can be extra wary of when taking a phone call you weren’t expecting and steps you can take for your protection:


  • Don’t reveal your personal or financial information over the phone. They may speak quickly and throw in jargon to try and get you to go along, but always make sure you think before you speak.
  • Don’t trust caller ID. Phone numbers can be faked.
  • If you’re not sure if the organisation is genuine, hang up and call them back yourself on their official number to confirm.
  • Get registered on the Telephone Preference Service (TPS).
  • Talk to your phone provider about specific privacy services.
  • Use the ‘block number’ function on your smartphone.
