Vishing: what is it, modus operandi, examples, and how to avoid it

Do you know what Vishing is, what risks it involves, and how you can avoid it? Vishing is a type of computer scam in which the cybercriminal, using a mobile phone or email, claims to be a reliable source. To make the scam work, the cybercriminal seeks to deceive the target and obtain their personal data, usually alleging supposed security reasons. The purpose of Vishing is to steal the identity or money of users and companies.

Despite the fact that citizens are increasingly aware of the danger of providing confidential information over the phone or over the Internet, Vishing is a crime that continues to affect thousands of people every day around the world.

In this article, we will explain the most relevant aspects of Vishing so that you, the people around you, and your organization can protect yourselves from this cyber-scam:

  • What is vishing?
  • Vishing Modus Operandi
  • Vishing Examples
  • 6 practical tips to prevent and avoid being a victim of Vishing

What is vishing? 

The word ‘Vishing’ is a combination of ‘voice’ and ‘phishing’. Identity theft consists of using deception so that a certain person reveals personal or confidential information of their own or their organization.

However, instead of using email, regular phone calls, or fraudulent websites like phishers (who use phishing techniques to scam), cybercriminals use an Internet phone service also known as VoIP (Voice over Internet Protocol).

Impersonating a person, a legitimate business, or a government to scam people is not a new phenomenon; Vishing is simply a new twist on an old routine. In fact, Vishing has been around for almost as long as the Internet telephone service, which is a much more “anonymous” channel and therefore lets criminals act with complete impunity.

Cybercriminals use what is known as social engineering through a combination of fear tactics, pressure, and emotional manipulation to try to trick people into giving up their information.

“The goal of Vishing is simple: steal your money, your identity or both through lies and manipulation”

These phishers even create fake caller ID profiles (called ‘spoof caller ID’) that make phone numbers appear legitimate.

Other types of victim deception include the following:

Vishing modus operandi


The most common Vishing modus operandi is to send emails asking the recipient to call a phone number where an answering machine picks up and asks the user for confidential information.

“The modus operandi with answering machines is less efficient than the live call but much more massive and scalable, obtaining data on an international scale with very few resources and risk.”

Normally, the excuse is that a strange movement has been detected in their bank accounts, for example, the withdrawal of large amounts of money from a credit or debit card. In this way, cybercriminals manage to alarm users, who end up revealing a series of personal data with the aim of stopping or reversing those operations or transfers (which may or may not be true).


Another Vishing procedure is when the cybercriminal has already obtained confidential information through a fraudulent email or website (which is called a phishing attack) but still needs some missing information, usually an SMS code, that is required when Double Authentication Factor (two-factor authentication) is activated.

In this case, the cybercriminal needs the SMS code or the digital token key to be able to validate the operations, transfers, or fraudulent online purchases. So the cybercriminals call the customer by phone, identifying themselves as bank staff, and after “giving them confidence” and alarming them in some way, using arguments of urgency or risk, they ask them for the password they need.

In these Vishing cases, cybercriminals recreate the entire scenario around the call in order to trick people and achieve their goal, for example by replicating the voices and atmosphere of a call center, putting you on hold with corporate music, etc.

To achieve this, they carry out these actions:

  1. They collect customer information such as full name or address (usually published by the user or their environment on the Internet), account numbers, or bank cards (usually published on the deep Web or the Dark Web).
  2. They establish a sense of urgency, making the victim believe that money or certain confidential data is in danger so that the victim responds instantly.

In a world as hyperconnected and dependent on technology as the current one, knowledge of cybersecurity is more necessary than ever. On a personal and professional level, we must know about Cybersecurity in order to prevent cyber threats and, if they affect us, to be able to manage them effectively.
