Giacomo Lanzi

What is Vishing and how does it work

Estimated reading time: 7 minutes

Vishing is a particular type of phishing that uses VoIP (Voice over IP) technology to carry out attacks. Unlike traditional landline telephone services, with VoIP technology it is possible to carry out telephone conversations using the Internet connection.

Hackers often use VoIP in their vishing attacks because this allows them to spoof their caller ID with great ease. Posing as an employee of a legitimate entity, such as a bank, the police or a well-known company, Hackers try to obtain personal and financial information of their victims.

With the information obtained it is possible to access a bank account and empty it. Furthermore, it is possible to commit fraud, scams and other crimes using the identity of the victim. Identity theft is a crime that has been on the rise in recent years, which is another reason to inform yourself and stay alert.

Vishing: how to recognize the attack

Vishing attacks usually use automatic text-to-speech systems to redirect the victim to a telephone number controlled by the hacker, but this does not exclude the possibility that a hacker could engage in a real conversation with his victim. The information most commonly targeted by vishing attacks is bank account data. However, many times, hackers also try to obtain access credentials to well-known services such as Microsoft, Apple or Google.

Using social engineering, hackers carrying out vishing attacks trick their victims into extorting money. Generally, scammers attempt to create a sense of urgency or try to alter the emotional state of their victims. This is to force you to pay quickly and without thinking deeply about what is happening.

Vishing: common attack patterns

Vishing attacks can be different from each other, although they always have common goals. A scammer who uses this type of attack could disguise his Caller ID by pretending to be an authoritative person or any known person. They may also leave pre-recorded messages containing threats in their victims’ email inboxes. Not just emails, hackers could also exploit SMS to carry out their scams, as in cases of smishing.

Scammers usually approach their victims by posing as people of authority or exploit the victim’s personal relationships. Below you will find a list of the most commonly adopted scam schemes.

Most common Vishing attacks

Debt collection agency scam

The scammer pretends to be an official of a debt collection agency. The scammer threatens legal consequences or even arrest if the victim does not pay his debts, even if the victim actually has no debt.

Romance scams

the hacker pretends to be a love interest for his victim who he meets on a dating app or site. He or she may sometimes pose as an old flame from the past who urgently needs money for some family or medical reason.

Tech support scam

The scammer poses as a tech support employee and claims there is a serious technical problem on the victim’s computer. The scammer, in this case, uses fear and a sense of urgency to gain remote control of the victim’s computer. It will then install malware passing it off as diagnostic software. Once you gain remote control of your computer, you can access files or any personal information stored on your computer.

There are real companies that live with this type of “business” in Asian countries. Furthermore, there are known creators and white-hat hackers on YouTube who intercept these scammers and try to carry out reverse (social) engineering to trap these criminals. Some of these creators have achieved remarkable results, causing some of these scammer companies to shut down.

vishing scammers
A typical “call center” where telephone scams and vishing become just another type of business like any other.

Business and investment scams

Scammers pose as financial experts and convince victims to pay sums of money for investments. Scams centered on cryptocurrencies have been spreading a lot lately, driven by the utopia of making a lot of money in a short time.

Charity scams

Scammers pose as members of charities to convince victims to donate to their cause. These fake organizations don’t actually do any charitable work and the money donated goes directly to the scammers. It is very common for them to use photos of children or people suffering from illnesses to appeal to the human sense of compassion.

Insurance scams

Using the information they have on the cars registered to their victims, they try to offer them advantageous insurance offers. With this strategy it is possible not only to collect other personal information on one’s victims, but also to defraud them financially if the victim decides to purchase the policy proposed by the hacker.

How is it possible to defend yourself from vishing

It is often difficult for victims to recognize vishing attempts because it is not unusual for banks and other entities and organizations to request sensitive information by telephone. Vishing attacks are increasingly sophisticated and can include pre-recorded messages and other ways to increase credibility.

We at SOD suggest several ways to detect vishing attempts, below are some strategies to adopt to recognize this type of attack. The best defense against these frauds, as in the case of phishing, is to know how to identify them immediately and not to spread any personal information by telephone, especially if the request is unexpected.

You should always be careful when using poorly traceable forms of payment such as cash, gift cards and prepaid cards. Additionally, you should pay particular attention to the characteristics of the phone call, such as the tone or accent of the person making the call or the urgency of the call. These can be alarm bells that signal the possible presence of a case of vishing.

To avoid falling victim to vishing, it is advisable to never answer calls from unknown numbers. Another useful tip is to never comply with requests from a suspicious person, such as pressing buttons when asked or answering suspicious questions.

If you are not sure about a number from which calls are received, you can always do an internet search and see if the number belongs to a service we use that is perhaps contacting us with a real problem.

In many countries, social media is used to communicate with the public. Many platforms use protection systems to verify the actual authenticity of government and banking profiles, therefore you should never trust an entity without these badges.

vishing phone


The types and mechanisms of intrusion are increasingly sophisticated. Phishing, smishing and vishing attempts are now a constant in our lives, continually putting our personal data at risk. As we have seen in many situations, data is the most valuable commodity on the internet, so protecting it must be a priority!

To concretely defend ourselves, the use of professional tools is the only safe path to take. Our SOCaaS service protects against vishing but is also a complete tool that guarantees corporate security, identifying and blocking all kinds of threats.

Additionally, SOD also organizes ethical attack campaigns to test the resilience of a company’s employees. After the attacks, the data collected is used to organize training sessions geared towards the specific characteristics of the company and the resilience shown by employees.

For information on the ethical phishing services we offer or to better understand how SOCaaS could be an ideal solution for your company, do not hesitate to contact us by pressing the button below.

Useful links:



More Articles…

Categories …


RSS darkreading

RSS Full Disclosure

  • SEC Consult SA-20240220-0 :: Multiple Stored Cross-Site Scripting Vulnerabilities in OpenOLAT (Frentix GmbH) February 21, 2024
    Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Feb 20SEC Consult Vulnerability Lab Security Advisory < 20240220-0 > ======================================================================= title: Multiple Stored Cross-Site Scripting Vulnerabilities product: OpenOLAT (Frentix GmbH) vulnerable version:
  • Re: Buffer Overflow in graphviz via via a crafted config6a file February 21, 2024
    Posted by Matthew Fernandez on Feb 20The fix for this ended up landing in Graphviz 10.0.1, available at Details of this CVE (CVE-2023-46045) are now published, but the CPEs are incomplete. For those who track such things, the affected range is [2.36.0, 10.0.1).
  • CVE-2024-24681: Insecure AES key in Yealink Configuration Encrypt Tool February 21, 2024
    Posted by Jeroen J.A.W. Hermans via Fulldisclosure on Feb 20CloudAware Security Advisory CVE-2024-24681: Insecure AES key in Yealink Configuration Encrypt Tool ======================================================================== Summary ======================================================================== A single, vendorwide, hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents....
  • Microsoft Windows Defender / Backdoor:JS/Relvelshe.A / Detection Mitigation Bypass February 21, 2024
    Posted by hyp3rlinx on Feb 20[+] Credits: John Page (aka hyp3rlinx) [+] Website: [+] Source: [+] [+] ISR: ApparitionSec [Vendor] [Product] Windows Defender [Vulnerability Type] Detection Mitigation Bypass Backdoor:JS/Relvelshe.A [CVE Reference] N/A [Security Issue] Back in 2022 I released a...
  • Microsoft Windows Defender / VBScript Detection Bypass February 21, 2024
    Posted by hyp3rlinx on Feb 20[+] Credits: John Page (aka hyp3rlinx) [+] Website: [+] Source: [+] [+] ISR: ApparitionSec [Vendor] [Product] Windows Defender [Vulnerability Type] Windows Defender VBScript Detection Mitigation Bypass TrojanWin32Powessere.G [CVE Reference] N/A [Security Issue]...
  • Microsoft Windows Defender / Trojan.Win32/Powessere.G / Detection Mitigation Bypass Part 3 February 21, 2024
    Posted by hyp3rlinx on Feb 20[+] Credits: John Page (aka hyp3rlinx) [+] Website: [+] Source: [+] [+] ISR: ApparitionSec [Vendor] [Product] Windows Defender [Vulnerability Type] Windows Defender Detection Mitigation Bypass TrojanWin32Powessere.G [CVE Reference] N/A [Security Issue]...
  • 44CON 2024 September 18th - 20th CFP February 15, 2024
    Posted by Florent Daigniere via Fulldisclosure on Feb 1544CON is the UK&apos;s largest combined annual Security Conference and Training event. Taking place 18,19,20 of September at the Novotel London West near Hammersmith, London. We will have a fully dedicated conference facility, including catering, private bar, amazing coffee and a daily Gin O’Clock break.         _  […]
  • SEC Consult SA-20240212-0 :: Multiple Stored Cross-Site Scripting vulnerabilities in Statamic CMS February 14, 2024
    Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Feb 13SEC Consult Vulnerability Lab Security Advisory < 20240212-0 > ======================================================================= title: Multiple Stored Cross-Site Scripting vulnerabilities product: Statamic CMS vulnerable version: =3.4.17 CVE number: CVE-2024-24570 impact: high homepage:
  • Stored XSS and RCE - adaptcmsv3.0.3 February 14, 2024
    Posted by Andrey Stoykov on Feb 13# Exploit Title: Stored XSS and RCE - adaptcmsv3.0.3 # Date: 02/2024 # Exploit Author: Andrey Stoykov # Version: 3.0.3 # Tested on: Ubuntu 22.04 # Blog: *Description* - It was found that adaptcms v3.0.3 was vulnerable to stored cross site scripting - Also the application allowed the […]
  • OXAS-ADV-2023-0007: OX App Suite Security Advisory February 14, 2024
    Posted by Martin Heiland via Fulldisclosure on Feb 13Dear subscribers, We&apos;re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack. This advisory has also been published at […]