What is a Vishing Scam and How Do I Protect Myself?

Editor’s note: In recognition of National Cybersecurity Awareness Month this October, we are publishing a series of blog posts dedicated to educating and informing you about cybersecurity practices. This is the fifth in a series of posts.


Have you ever received a voicemail promising discounts for a service you use or offering to relieve you of your student debt?

It’s probably fake, and it’s called a vishing scam, which is short for “voice phishing.”

As if getting fake emails that attempt to steal your money wasn’t bad enough, now we have to deal with fake voicemails doing the same.

Vishing has been around for a while, but its prevalence is on the rise, thanks to AI tools that can mimic human voices, including those of your friends, family and co-workers.

Before you panic and start ignoring your boss’s calls, let’s talk about what a vishing scam looks like and how you can protect yourself and your organization.

Anatomy of Vishing Scams

Like any scam, vishing scams come in all shapes and sizes. However, most common vishing scams leave an urgent voicemail that tries to entice you with a discount on a service you use (or have used), like Comcast internet or a Verizon phone plan.

And yes, before you ask, it is possible to leave a voicemail without calling a number. So, even if you don’t remember missing a phone call, you could still see a new voicemail message.

The voicemail will say something like, “Call us back using the number on your caller ID to take advantage of this incredible deal!”

This, of course, is one of many red flags, as any legitimate company leaving a voicemail would tell you what number to call rather than forcing you to rely on the caller ID.

But these attackers don’t just randomly dial a bunch of phone numbers hoping to get lucky with a few victims. They do their research, getting a victim’s name, address and account number from a previous breach to appear legitimate.

They offer a fake deal with a fake deadline, hoping the urgency of the matter clouds your judgment.

What’s the scam itself?

In return for a discounted monthly payment, you are required to pay some fees ahead of time. Those fees can be paid with your credit card, or sometimes they tell you that you must purchase store gift cards.

Of course, the attacker doesn’t work for Comcast or Verizon; they simply want to steal your money before you realize what’s going on.

Other variants of this attack involve mimicking the voices of people you know. For example, an attacker will call a victim’s grandparents mimicking the voice of the grandchild, asking them for money because they are stranded in a foreign country and need help getting home.

In another example, a vendor you work with (whose voice you recognize) could tell you to direct future payments to a new bank account, which an attacker has set up for themselves.

Attackers continue to find new ways to trick their victims, so it’s important to stay vigilant and skeptical of unexpected messages.

Protecting Yourself Against Vishing Scams

Vishing scams are a perfect example of why you should always change your password after a data breach. You might not have lost money at the time of the breach, but that information can be used against you years later to make scams more legitimate.

With that being said, there are several things you can do to protect yourself and your organization from vishing scams.

  • Be skeptical of unexpected messages: Any unexpected message asking you to do something weird or new should raise red flags. Even if it’s coming from someone you speak to regularly, take a minute to think about what they are asking of you.
  • Contact the vendor yourself: If you think the message might be real, find the vendor’s number on their website and reach out yourself. They will be able to verify if the message you received is legitimate.
  • Personal details can be used against you: Just because a caller has some details on you doesn’t mean they aren’t a scammer.
  • Never trust the caller ID feature: Don’t call a phone number back using your caller ID. These numbers can be manipulated to appear legitimate. Always use a company’s website to find legitimate contact information.
  • Find out if your email is at risk: If you want to see if your email or password has been stolen in a data breach, visit this website. It offers details of breaches where your information was stolen so you can change passwords.

Learn to Spot Vishing and Other Scams

Does your organization need protection from cybersecurity threats? Don’t wait until you’ve already been attacked!

Contact us to schedule a consultation to see how we can help secure your sensitive data by training your employees on how to spot vishing and other scams. All it takes is one vishing call to bring your business operations to a halt.
