Vishing

Sec+ Glossary 📖 • Social Engineering 👥 • Threats ⚠️ • Security+ 02 • Difficulty: free

What is Vishing?

Vishing is phishing carried out through voice communication, such as phone calls or voicemail. Attackers use social engineering to trick victims into revealing sensitive information, approving actions, installing software, or transferring money, often by impersonating trusted organizations or authority figures.

Examples

  • A caller pretends to be from IT support and convinces an employee to share an MFA code to “fix a login issue.”
  • A voice message claims to be from a bank’s fraud team and pressures the victim to confirm account details and PINs.

Discover 🔎

Voice calls create pressure. A real person can sound confident, urgent, and believable, and it can feel uncomfortable to challenge them. Vishing takes advantage of that human instinct. Attackers use phone calls to build trust quickly and push targets into sharing information or taking actions that would be safer to verify.

Remember: Vishing is phishing by voice. The attacker uses conversation to create urgency and trust, then asks for something risky.

Summary 📝

Vishing is phishing by voice, using phone calls and impersonation to trick victims into revealing information or taking risky actions. It works because attackers can create urgency, adapt in real time, and spoof caller ID. Defense relies on strong processes, refusing to share passwords or one-time codes, and verifying requests through trusted contact methods.
