Vishing (Voice Phishing)
Phone-based social engineering where scammers impersonate banks, government agencies, or tech companies to verbally extract credentials, money, or personal information.
Also known as: voice phishing, telephone scam, phone fraud social engineering
Last reviewed: 10 June 2026
Vishing combines voice calls with social-engineering scripts designed to create urgency, fear, or trust. A vishing caller might pose as a bank fraud investigator warning that your account is being drained, an IRS agent threatening arrest for unpaid taxes, a tech-support agent claiming your computer is infected, or a government official processing a grant. The goal is to keep the victim on the phone while they take actions: transferring money, reading out one-time codes, installing remote-access software, or providing account passwords.
AI voice-synthesis tools have elevated vishing significantly. Cloned voices of family members, corporate executives, or even the victim's own bank representative are used in high-value attacks. 'Authorised push payment' fraud — where banks face pressure to reimburse victims who were verbally manipulated into wire transfers — is heavily driven by vishing calls.
The most effective consumer defence is a cold-call policy: never take consequential action based on an inbound call, regardless of caller ID or how convincing the scenario sounds. Hang up and call the institution back using the number on your card or their official website. Establish a family safe word to verify identity in emergency scenarios that might be fabricated by AI voice cloning.