Information Security

What is Vishing (Phone Phishing)? 



In a world of constant communication, cybercriminals can use various devices to reach your personal information. Email and computer users know that email phishing is among the most common threats to your devices and account information. Unfortunately, phishing emails are not the only way people can try to fool you into providing your personal information to steal your identity, commit fraud, or compromise your accounts and computers.

The term “vishing” refers to voice phishing. Essentially, this type of phishing occurs when criminals use the phone to solicit your personal information. Vishing relies on social engineering techniques to trick you into providing information that allows others to access your important accounts or devices. Because vishing is carried out over the phone, it is vital to recognize the signs of a fraudulent vishing attempt.

Example 1: Vishing scammers will contact you under the guise of a reputable company, bank, or even IT Support and request access to your account or computer information. For example, a vishing scammer posing as a “tech support representative” calls your office or personal cell phone to request information about departmental printers.

Example 2: In one case reported to OIT, an employee received a call on their personal cell phone while at work. The “tech” asked them to type some commands into their computer. When the employee pushed back by questioning the call, the “tech” became agitated and angry, verbally reprimanding the employee.

Example 3: Another twist on a vishing attack begins with an email instructing the targeted person to respond in a text message to the bad actor instead of replying over email.

Follow these tips to avoid vishing attempts:

- OIT’s number one recommendation is to HANG UP on or not accept calls from phone numbers you don’t recognize, and to immediately report them to the OIT HelpDesk.
- If you receive an email or phone call asking you to call a number and you suspect it might be a fraudulent request, look up the organization’s customer service number and call that number rather than the number provided in the solicitation email or phone call. If you don’t recognize the number, wait for the voicemail, and listen before returning the call.
- If you receive a suspicious phone call, always verify the source before providing any information.
- In general, do not provide personal information or information about departmental equipment to anonymous or otherwise “odd” callers.
- Check the “reply-to” email address. If you don’t know the person, call the department and ask to speak to the person who supposedly sent the message.
- Money is always the motivation behind these vishing attacks. NO ONE from the university will contact you and ask you to spend your personal money on behalf of the university with the promise of “paying you back.”

If you have any questions about the topics covered in this week’s OIT Weekly, contact the OIT HelpDesk online or at 865-974-9900.


by Williams, Andrea Deniece at 9:56 AM