Here’s why the click rate for vishing scams is triple that of phishing


Most professionals have heard of phishing. It’s an online scam impersonating an individual or a company (typically via email) to persuade people to click on malicious links or take risky actions.

Vishing is a similar social engineering attack; only it happens on the phone rather than by email. Playing on people’s fears and emotions, it has one purpose only – to extract critical personal data. And recently, scammers seem to get more success with vishing.

What is vishing?

Typically, hackers use vishing attacks to extract personal information such as phone numbers, email addresses, and even bank account numbers and sensitive business details – anything that can help them advance in future attacks.

Attackers use phone calls and voice over IP (VoIP) technology to carry out these attacks. Funny enough, vishing is often accompanied by smishing, which refers to the same attack being carried over deceptive SMS messages.

During one of these attacks, hackers pretend to be calling from a company, bank, or even a government institution and request some information from you. These attacks are so effective because there is an actual human on the other end of the line, unlike phishing attacks where you cannot feel that emotional effect over an email.

Phone calls are more convincing

According to research done by IBM, voice phishing attacks got a victim to click on a malicious link 53.2% of the time, while phishing attacks resulted in clicks only 17.8% of the time. Thus vishing scams are three times more likely to succeed, which is reason enough to be concerned.

It’s crucial to be aware of scams like these to recognize future threats. Employees must be warned not to provide sensitive information over the phone or via text messages. And practices should be in place on how to recognize and handle such attacks.

Unfortunately, many people are unaware that these scams exist and easily fall for scammy little tricks like vishing. The rise of AI and deep fake technology makes it more challenging to recognize vishing attacks. This technology can easily make a robot sound like one of your family members or colleagues, which is quite disturbing.

Some of the most common vishing tricks include:

  • imitating a car insurer offering to extend your insurance,
  • imitating a travel agency offering you an all-paid holiday,
  • a lottery organizer calling to tell you that you won a prize.

While the lottery or holiday examples may sound like obvious scams, a car insurer checking in with your insurance may sound pretty realistic.

And it gets worse when it comes to scams targeting businesses. They are even more clever. Hackers do their research and find out much more details about their victims (and their businesses) before contacting them. After all, the more personalized the attack is, the better the success rate.

Staying Safe from Vishing Attacks

We’ve come to a point where it’s becoming more and more difficult to recognize these scams and set them apart from real-life opportunities. So, how do you stay safe from vishing attacks?

  • Start by protecting your phone number and preventing it from getting into the wrong hands. It’s impossible to be 100% sure that no one will ever find your phone number. But you can reduce the chances of becoming a target by not providing your number on random websites and login forms.
  • Use your email to log into websites whenever possible, and make sure your number is not publicly visible on any of your social networks.
  • Now, no matter how careful you are, chances are that someone could come across your number one way or another. For that reason, you need to be aware of potential vishing threats and get in the habit of questioning situations that you find suspicious.

After all, a travel agency offering you a free holiday is already pretty suspicious; it won’t take you long to put 2 and 2 together.

  • Not sure whether the person on the other line is genuine or not? Always ask for additional information or insist on an in-person meeting. A legit colleague, business partner, or a car insurer would agree to it.
  • As always, remember to stay away from suspicious links and files you receive via email, SMS, or any other communication channel. Always double-check the source before taking further steps. And don’t forget to pay close attention to people’s intentions over the phone.

Gerald Ainomugisha is a freelance Content Solutions Provider (CSP) offering both content and copy writing services for businesses of all kinds, especially in the niches of management, marketing and technology.