What is Vishing?

Vishing is the voice version of phishing. Instead of sending deceptive emails or messages, scammers use the telephone as a means of deception. The word is a combination of “voice” and “phishing” and describes cases where someone attempts to obtain confidential information through telephone communication.

This technique primarily relies on manipulating the victim’s emotions – fear, pressure, trust, and a sense of urgency. The perpetrators pretend to be someone you know or trust: an employee at your bank, a coworker, or even a member of your company’s management. Their goal is to get you to talk, revealing information you shouldn’t.

How Vishing Works

The method is simple but highly effective. The scammer calls you and pretends to be someone you trust. Their voice is calm or stern, depending on the scenario. They may tell you that there is a problem with your account, that they need to confirm a payment, or that if you don’t respond immediately, there will be a serious problem.

Their goal is to create an urgent and realistic situation so that you give them what they need: card numbers, passwords, personal information, or even perform an action on their behalf, such as changing your password or transferring money.

The Growing Threat of Vishing

Vishing is not an isolated incident – it is a growing phenomenon. The 2024 Voice Phishing Response Survey reveals that an increasing number of businesses worldwide are facing significant risks from phone scams.

In 2023 alone, businesses in the United States lost over $10 billion due to vishing attacks. Globally, the average loss per business exceeded $14 million. One of the most high-profile examples is the case of MGM Resorts, where attackers used vishing to gain access to the company’s systems, resulting in approximately $100 million in damage.

What Information Are Scammers Looking For?

Vishing perpetrators don’t just want to annoy you – they target specific data. The information they seek to extract is always:

  • Access codes
  • Credit card details
  • Social Security Numbers
  • Personal credentials for applications or corporate systems

This type of information can be used to steal money, breach systems, steal corporate data, or even resell it to other criminals.

Who is Most Vulnerable?

According to the same survey, 6.5% of employees who participated in simulated vishing attacks revealed sensitive information. This percentage rises dramatically in certain industries and departments.

The most vulnerable industries were Manufacturing and Engineering, at 19.2%, and Entertainment and Media, at 18.1%. The reason? Workers in these sectors often lack specialized cybersecurity training and frequently interact with external partners and customers.

Similarly, some departments within companies show higher success rates for fraudsters. Customer Support had the highest rate, at 11.5%, while even the Information Technology (IT) department, which is supposed to be more suspicious, showed a rate of 7.1%.

The Impact of Vishing Attacks

The consequences of a successful vishing attack are not limited to the loss of information. The financial costs can be enormous, as the figures above show. If sensitive data falls into the wrong hands, the cost to the business or individual is immediate and multi-layered.

Beyond the money, there is also the issue of system breaches: attackers can gain access to internal networks and steal or destroy critical data.

Reputational damage is another blow. When an organization or business falls victim to such fraud, customer trust can be shaken, which directly affects the brand’s image.

Finally, we must not forget about downtime: employees who fall victim, processes that get stuck, and departments that get out of sync — all of these can create significant operational problems.

The Case of Teknosa

The case of Teknosa, a large technology chain, is an excellent example of how a company can effectively deal with vishing.

Teknosa was facing problems with scammers calling its salespeople, pretending to be company representatives, and extracting information. This resulted in losses and increased risks for the company.

The solution came through artificial intelligence training and realistic phone simulations. In just three months, Teknosa managed to:

  • Reduce the risk of vishing by 80%
  • Increase reports of actual attacks by 178%
  • Prevent $439,250 in damages annually

This example clearly shows that with the right approach, the threat of vishing can be drastically reduced.

What We Can Do to Stay Protected

You don’t need to be an expert or have technical knowledge to protect yourself from vishing phone scams.

What is needed is a more careful attitude in our daily lives and a little suspicion.

So, what can each of us do to feel safer when picking up the phone?

First of all, don’t trust anyone who asks you for personal information, no matter how serious they sound. Even if they claim to be from the bank, the hospital, or the police, it doesn’t mean they’re telling the truth. It’s your right to ask, to question, and not to answer anything if you’re not sure.

If you feel even a little suspicious, stop the call. Say a simple “I’ll check and call you back” and hang up. Contact the official line of the company or carrier and ask if the call was legitimate. This “just a minute to make sure” can save you a lot of trouble.

Finally, keep notes: what number they called you from, what they said, and the reason. If you need to report it to the police or your bank, these details are valuable.

Do You Suspect You’ve Been a Victim of Vishing?

If you suspect you have given information to the wrong person over the phone or want to enhance your business security, please contact us immediately. Our team will help you understand exactly what happened, outline the next steps, and provide guidance on how to mitigate the risk.