Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1338

Vishing

Reviewed by Cybersecurity entrepreneur & security researcher

What is Vishing?

Vishing: Phishing conducted over voice channels — phone calls or VoIP — to manipulate victims into revealing credentials, payments, or remote access.


Vishing (voice phishing) uses live or automated phone calls, voicemails, and increasingly AI-generated voice clones to impersonate banks, government agencies, IT support, or executives. Attackers often combine vishing with caller-ID spoofing and prior reconnaissance to appear legitimate. Typical goals include extracting MFA codes, persuading the victim to install remote-access software, authorising fraudulent transactions, or convincing IT help-desks to reset passwords. Defences include strict help-desk verification procedures (callback to known numbers, knowledge-based or hardware-token validation), call-screening tools, end-user awareness, and replacing SMS- or phone-based authentication with phishing-resistant factors.

Examples

  1. A caller posing as the bank's fraud department asks for a one-time code "to cancel a suspicious transaction".

  2. An attacker impersonates a known executive using a cloned voice to instruct accounting to send a wire transfer.

Frequently asked questions

What is Vishing?

Phishing conducted over voice channels — phone calls or VoIP — to manipulate victims into revealing credentials, payments, or remote access. It belongs to the Attacks & Threats category of cybersecurity.

How do you defend against Vishing?

Defences for Vishing typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for Vishing?

Common alternative names include: Voice phishing.
