Voicemail Phishing
A fraud technique that leaves a pre-recorded urgent message in a victim's voicemail, prompting them to call back a fraudulent number or visit a phishing site.
Also known as: vishing voicemail, voice drop scam, ringless voicemail fraud
Last reviewed: 1 June 2026
Voicemail phishing (sometimes called vishing via voicemail or 'voice drop') bypasses the need for a live call by depositing a pre-recorded message directly into voicemail — using ringless voicemail technology — or by calling and hanging up after the voicemail picks up. The message typically impersonates a bank fraud team, a government authority, or a delivery service, claiming urgent action is required.
Because voicemail feels more personal and effortful than a text, victims often take the prompt more seriously. The message includes a callback number that reaches a fraudulent call centre, or a URL that leads to a phishing page. The time pressure element — 'if you do not respond within 24 hours your account will be frozen' — exploits urgency bias.
Voicemail phishing has grown alongside multi-stage attack chains: a smishing message might prime the victim, a voicemail message reinforces the claim, and a live fraudster call closes the interaction. Defending against it requires the same principle as all vishing: never use contact details provided in an unsolicited message — always look up the organisation's number independently.
Examples
- A voicemail message claims to be from a bank's fraud team warning of a suspicious transaction, asking the recipient to call an 0800 number that connects to a scam centre.