What Is Vishing?

Vishing (voice phishing) is a phone-based social engineering attack where scammers call victims pretending to be trusted institutions — banks, the IRS, Medicare, or Social Security — to extract sensitive personal or financial information.

Vishing — short for voice phishing — is a social engineering attack conducted by phone where the caller impersonates a trusted institution to manipulate the target into revealing sensitive personal information, authorizing fraudulent transactions, or providing access to accounts. The FTC's FY2025 Consumer Sentinel Network data identified imposter scams (the primary category of vishing attacks) as the highest-value fraud category by reported dollar losses, with seniors over 70 experiencing median losses of $41,800 per incident.

Common Vishing Scripts

  • IRS / Tax Authority Impersonation: Caller claims there is an outstanding tax debt requiring immediate payment via wire transfer, gift cards, or cryptocurrency to avoid arrest or asset seizure. The IRS does not call demanding immediate payment — all legitimate IRS collections begin with written notice.
  • Bank Fraud Impersonation: Caller claims suspicious activity has been detected on your account and requests account credentials, card numbers, or one-time passcodes to "verify your identity." Banks will never call you asking for your full password or a one-time code sent to your phone.
  • Medicare / Social Security Impersonation: Caller requests your Medicare number or Social Security number to "update records" or process a benefit. See our guide on Medicare scam calls for detailed scripts and countermeasures.
  • Tech Support Impersonation: Caller claims your computer has a virus and requests remote access or payment for support. Legitimate tech companies do not proactively call users about computer issues.
  • Grandparent Scam / Family Emergency: Caller (often using an AI-cloned voice) impersonates a grandchild in distress and requests money to cover an emergency, asking the victim not to tell the parents.

Key Defense Principles

Vishing attacks rely on emotional pressure: urgency, fear, deference to authority, and concern for family. The countermeasure for every vishing script is the same: hang up and call back using a number you look up independently. No legitimate institution will penalize you for hanging up and calling their verified number. Any caller who escalates pressure or refuses to let you verify their identity independently is not a legitimate caller.

Frequently Asked Questions

What is vishing?

Vishing (voice phishing) is a phone scam where callers impersonate trusted institutions — the IRS, Medicare, Social Security, banks, or tech support — to manipulate victims into revealing personal information, authorizing payments, or providing account access.

How do I know if a call is a vishing attack?

Key red flags: unexpected urgency or threats of arrest or account suspension; requests for payment via gift cards, wire transfer, or cryptocurrency; requests for one-time passcodes or full account credentials; and pressure to stay on the line instead of hanging up and verifying independently. Legitimate institutions do not use these tactics.

What should I do if I receive a vishing call?

Hang up without providing any information. Look up the institution's verified phone number independently (not from the caller). Call that number to verify whether the issue is real. Report the vishing attempt to the FTC at ReportFraud.ftc.gov.
