What is vishing and how does it work?

You may have heard of phishing – when scammers use fake emails from trusted organisations like banks, service providers and government departments to trick victims into handing over sensitive information. Well, vishing is the voice call equivalent.

Man holding his smart phone and credit card

What is vishing?

Vishing - or voice phishing – is a form of cyber attack that attempts to trick victims into giving up sensitive information like credit card numbers, bank account details and passwords, over the phone. While that may sound dated, it’s no old fashioned scam. In fact, vishing attacks regularly make use of automated voice simulation technology or personal information gained from earlier cyber attacks to put victims at ease, often much to their cost.

The importance of being able to recognise this kind of attack and be ready for it can’t be underestimated. Fortunately, there are a number of ways you can help protect yourself against them.

How does vishing work?

Visher scammers usually start by phishing for victims online

This might include sending phishing emails, with the aim of getting a potential victim’s phone number, which they can then use as part of the scam.

They use fake caller ID profiles to appear legitimate

Typically, visher scammers create fake caller ID profiles so that the phone numbers they’re calling on seem legitimate and from a local area code or a trusted business.

They pose as a trusted organisation to gain sensitive information

Visher scammers usually pose as a trusted source – for instance, someone from a bank, credit card company, HMRC or a service provider - to trick people into handing over personal information. Typically, they’ll make vishing requests sound urgent in order to panic their victims into acting without thinking first.

They aim to use your personal information for their own gain

Once scammers have got the sensitive information they’re after, like a victim’s credit card details for instance, it can be used to commit financial theft, like unauthorised purchases or withdrawals from that person’s bank account.

Some common vishing scams

Recognising the tell-tale signs of a vishing attack can help protect against them. Here are a some of the most common scams to look out for:

Bank scams

These scammers may pretend to be from your bank’s fraud team, and call you to say there’s a problem with your card or account – for example, your card has been cloned. They’ll aim to get information like your log-in passwords, card numbers or PIN, and in some cases, even your One Time Passcode (OTP). Of course, at Barclaycard, our fraud team would never ask you for these. In fact, so you’ll always know when it’s us calling you, here’s a simple guide to check it’s us.

Compensation scams

These callers offer you compensation for things like a recent car accident. They may well be genuine, but unless you’re sure they are, it’s best not to share any personal information. Instead, it’s much safer to contact companies yourself if you’re considering making a claim.

Computer scams

A caller from a bogus helpdesk will tell you your computer has a virus, but they can fix it with anti-virus software for a fee. Their aim is to either install spyware on your computer and access your personal details, or get your bank card details.

HMRC scams

A scammer claiming to be from HRMC will call to say you have an unpaid tax bill or an issue with a refund. Don’t give them any details. Instead, call HMRC direct to find out if there’s a genuine problem.

It pays to be suspicious of callers who use urgent or forceful language to try to elicit a response. It’s also important to remember that institutions such as banks and building societies, utilities providers or government departments, like HMRC for instance, will never ask for personal information like passwords or PIN codes over the phone.

Protecting yourself against vishing

There are a number of ways you can help protect yourself against vishing scams, like keeping up to date with latest guidance. Of course, the more you understand vishing, the more prepared you’ll be to handle a bogus call should it come.

Here are a few simple measures you can take:

  • avoid answering phone calls from unknown numbers. Instead, let them go to voicemail
  • don’t share your personal information over the phone. Banks, credit card companies and service providers will never call asking for sensitive information
  • hang up immediately if a caller from a purported reputable company sounds suspicious. Then call the company yourself, so you can be sure it’s legitimate or not
  • be sure to report any vishing attempts straight away. The sooner you do, the quicker the scam will be squashed.

Reporting a vishing scam

If you spot the signs of a vishing scam, you can report it to Action Fraud, the national fraud and crime reporting centre. They’ll review your report, and send it to the police if necessary.

If money’s been taken from your account or you’re worried a scammer might have enough of your details to do so, let your bank know straight away. They can then protect your account from further issues.

How Barclaycard can help protect you from scams

We believe you can’t be too safe. So here are just a few ways we keep your account secure:

  • our fraud protection means you’ll be refunded for any fraud carried out on your account
  • your account is monitored 24/7. If something doesn’t look right, we’ll contact you straight away.

If you’ve had a suspicious phone call, you can speak to our fraud team by calling the number on the back of your card, or by email at internetsecurity@barclays.co.uk.

You can also find out more about reporting a scam.

What’s next?

Barclaycard’s fraud team are dedicated to stopping scammers in their tracks. So we’ve created a Fraud Fighter tool to help keep you prepared and protected.

Use our Fraud Fighter tool