Dealing with a vishing scam

Vishing is when you receive a phone call from a criminal who tries to trick you into sharing information that can be used for the criminals personal gain. The criminal typically impersonates an official at a legitimate organisation and will be well practiced at tricking people into believing them. Vishing scams are designed to generate fear and immediate response. Some will occur over a very short time frame - just trying to get you to hand over card details or security information - and some can be a longer term scam that gets you to part with a significant amount of money.

How to spot a vishing call (telephone scam)

  1. You receive a phone call in the first place - Organisations like banks never phone you and ask you to confirm information they should already know or ask you for private information like passwords and security codes. If you get a call like this hang up and call the organisation directly to check if they tried to contact you.

  2. A strange phone number - A vishing call will come from a number you haven’t seen before. It certainly will not match the official number of the person or organisation they are pretending to be. Check the number by visiting the organisations website.

  3. The creation of a sense of urgency - The caller often ask recipients to verify personal information, such as bank details or a password. They can create a sense of urgency by warning that your account has experienced suspicious activity or pretending to be someone you know who is in urgent need of financial help. These are massive warning signs. If you are ever unsure, contact the company or person using the contact details you already have for them or that are on their legitimate website. Never use any contact details provided by the caller.

  4. Something doesn’t feel right - Trust your gut. If it doesn’t feel right it probably isn’t. Hang up and contact the person or organisation directly.

What to do if you have fallen for a vishing scam

It is very easy to fall for a vishing scam, even cyber security experts can fall for them. Don’t feel ashamed or embarrassed. The key focus once you realise you have fallen for one is acting quickly.

  1. Contact the organisation that was spoofed - Report the vishing attack to the company, whether it’s your email provider, your utility company, or your employer that the criminal impersonated. Let the company know that you changed your password, and follow their instructions for safeguarding your information and your account. If you gave out financial information, you will need to contact your bank and may need to cancel your existing card and get a new one.

  2. Change any shared information - If you provided a password or any other private information then change this as quickly as possible and alert the providers to ensure they watch your account closely.

  3. Watch out for warning signs of identity theft - If you’ve revealed any financial information or other sensitive data like your bank details, you need to watch for signs of identity theft. First, keep a close eye on your bank and credit card statements, looking for any withdrawals or purchases that you didn’t authorise. You can also ask your bank to alert you of any unusual activity.

  4. If you let someone remotely connect to your device - Some scams pretend to be popular IT companies and try to tell you you have an issue with your computer. If you let someone connect to your device then you should take the device online and then follow our removing malware guide here.

Report the crime

If you are in England, Wales or Northern Ireland you should report all cyber crime to Action Fraud. In Scotland, you can see details of reporting to Police Scotland here.

How to avoid falling for a telephone call scam

  1. Register with the Telephone Preference Service. The Telephone Preference Service is a free service which enables you to join the official register to opt out of unsolicited sales and marketing calls. This will help, as you would be aware not to inspect calls of this nature.

  2. Never answer a call from an unknown number - It may be tempting to answer calls from unknown numbers, but doing so could lead you right into a scammer’s waiting arms. Additionally, picking up may only alert the vishing scammers that the number is active, leading to more calls down the road. Instead, let the call go to voicemail. The rule of thumb is that any real person, business, or government institution that was calling for something important will invariably leave a voicemail or call back later.

  3. Never give personal information over the phone - Your phone number is probably very easy for criminals to find and you never know who you are talking to over the phone. Never give out any personal information over the phone. Banks and government institutions should never ask for personal information over the phone. That said, banks will call you if they believe fraud may be occurring on your account. However, they will typically only call to confirm your location and alert you to the event.

  4. Use a caller ID app - A good caller ID app can help boost your phone’s spam call detection and blocking capabilities and are available for both Android and iOS phones. Confirmed spam numbers are blocked, while good numbers are allowed through. If a number does end up being a vishing scam, you can add it to their database.  

Donate

To help people like you we rely 100% on donations from people like you.

Without donations we cannot keep our service free and provide help to the most vulnerable victims of cyber crime when they need it most. As a not-for-profit organisation, 100% of your donation goes towards keeping The Cyber Helpline up and running - so 100% goes towards helping people like you. Donate now and help us support victims of cyber crime. 

To help people like you we rely 100% on donations from people like you.