We're all aware that scams often occur over the phone – in fact, you might not even answer the phone if you don't recognize the number to avoid scams. In cybersecurity, this type of attack is known as "vishing," which is short for voice phishing. These are scams where criminals use phone calls to trick you into handing over personal information, sending money, or taking actions such as disclosing your multifactor authentication code. 

You may have even received a few vishing attempts today. The callers say they're from your bank or the IRS, for example, or you might hear a robotic voice warning about “fraudulent activity on your account” or that you need to sign your vehicle up for a warranty. These scams are surprisingly common and incredibly sneaky. But with a bit of knowledge, you can learn how to recognize a vishing attempt and hang up on the bad guys.  

And if you don't answer the phone when you don't recognize the number? That's fine! We recommend it. You aren't being rude, you're staying safe.  

What does a vishing scam sound like? 

Vishing calls can come from real people, robocalls, or even AI-generated voice clones. The scammer may pose as someone from your bank, a government agency, tech support, or even a coworker or family member. Their goal is to build just enough trust – or cause enough fear – to make you act without thinking. 

Here are some common types of vishing scams: 

• Fake bank or credit card alerts 

A scammer pretending to be from your bank may claim there's suspicious activity on your account. They'll ask you to “confirm your identity” by giving your account number, PIN, or Social Security number. 

• Government impersonators 

These calls often claim to be from the IRS, Social Security Administration, or even local police, threatening fines, audits, or arrest unless you take immediate action. Know that the government never calls like this! 

• Tech support scams 

Someone claiming to be from Microsoft, Apple, or your internet provider says your computer has a virus or your IP address has been compromised. They’ll urge you to install remote access software or hand over sensitive data. 

• Amazon and package delivery scams 

A caller might warn you about a large charge on your Amazon account. To dispute the purchase, you’re instructed to “press 1.” From there, the scammer pressures you into giving payment details or remote access to your device. Additionally, callers might say a package cannot be delivered unless you give out information – know that Amazon, UPS, the USPS, or other delivery services don't contact you and pressure you like this.   

• AI voice clones 

Nowadays, scammers can use artificial intelligence to mimic the voice of someone you know, such as your boss, grandchild, or sibling. They can make it sound like the person is in trouble and needs your help…especially your immediate financial assistance. If you get a panicked call from someone saying they’re in jail, in an accident, or kidnapped. Pause. Hang up. Call the person back from a number you had saved.   

How to tell if a call is vishing 

Whenever you get an unexpected, urgent request to take action, no matter if it's over the phone or in your email inbox, take a moment and think. Watch out for red flags.  

• The call is unexpected. You weren’t expecting a call from the IRS, Amazon, or your bank. In most cases, these organizations never call you out of the blue.  

• The caller asks for sensitive info. Legitimate companies never ask for full Social Security numbers, passwords, or PINs over the phone. They will also never ask for an MFA code over the phone.  

• The caller wants payment by gift card, crypto, or wire transfer. This is a huge red flag, and you should hang up immediately. No reputable business or government agency accepts payment in this manner. Additionally, a caller might suggest sending cash through a courier – this is also a scam tactic, and you should hang up.  

• The caller pressures you to act fast. Scammers want you to panic. Slow down, ask questions, and verify. Call the organization at a phone number you found independently, either from your contacts or from the organization's official website.  

What to do if you get a suspicious call 

You don't need to be courteous to scammers! There are a few steps to handling suspected vishing calls. 

1. Hang up. 

You’re under no obligation to stay on the line. If the call feels off, it probably is. Just hang up. 

2. Don’t press buttons or speak. 

Robocalls may prompt you to “press 1 to speak to an agent.” Don’t. Interacting confirms your number is active and may lead to more scams. Hang up.  

3. Don’t give any information. 

Never share personal information, such as account numbers, passwords, or your Social Security number, over the phone. Hang up.  

4. Verify independently. 

If you’re worried the call might be real, hang up...and then call back using an official number from the company’s website or your account statement. If the call was from someone you know, use the phone number in your contacts. Scammers can spoof phone numbers, so don't just call the same number back. 

How to report vishing calls

Reporting helps shut scammers down. It also helps others avoid the same traps. 

• Report the number to the FCC  

• Report scams to the FTC 

• Block the number on your phone 

• Enable scam call blocking features from your mobile carrier – many now offer free tools to help 

• Let your workplace's IT or security team know. Vishing attacks often target workplaces.  

How to protect yourself from phone scams  

You might not be able to stop scammers from blowing up your phone right now, but you can foster some habits to protect yourself.  

• Be skeptical of unknown callers. Let unknown numbers go to voicemail. If the caller needs to talk to you, they'll leave a voicemail! 

• Don’t trust caller ID. Scammers can spoof real phone numbers, even ones from your area code or bank. 

• Set up PINs or passphrases with your bank, carrier, and other services to prevent unauthorized access. 

• Talk to your family and set up a safe word. To defeat AI voice scams, set up a "safe word" with people close to you, a word or phrase the scammers can't find online. Many vishing scams target older adults with “grandparent scams” or younger workers with fake job calls. A little awareness goes a long way. 

Think before you talk 

If something feels off during a call, it probably is. Vishing scammers want to catch you off guard. But you have the power to slow down, hang up, and take back control. For more online safety tips, sign up for our free email newsletter!