Microsoft support calls to warn you about a software problem. The tax office sends you a voice message threatening a fine if you do not transfer the outstanding amount immediately. Your bank calls to tell you that your account has been blocked. Would you recognize these as vishing attempts?
You are here:
What is vishing and how do you protect yourself from it?
Vishing involves fraudsters placing calls and posing as employees of banks, insurance companies, tax offices, customer or support centers with the aim of eliciting money or confidential information from potential victims. This article tells you how vishers do this and how you can protect yourself.
What is vishing?
Vishing is a phishing attack that is conducted via a phone call or voice message. Fraudsters are increasingly using this form of data theft because it is very efficient. A personal conversation creates more trust than a written message. A call also requires a direct response, which prevents potential victims from having time to correctly assess the situation. The goal is therefore to force you to take immediate action.
Learn more about phishing in our article “Online data theft: phishing on advertising platforms”.
How do vishers operate?
Vishers like to pose as bank employees, tax officials or insurance brokers in order to steal personal data such as addresses, account details or passwords. Or they pretend to be technical support workers and insist that you need to download a program in order to fix a software problem. But that program contains malware designed to steal personal data. There are also vishers who trick potential victims into believing they have won a competition. To collect the prize, you must first provide your account details. Whatever trick they use, they all have one thing in common. The stories are always carefully thought through and the scammers use social engineering tactics such as intimidation or duress to achieve their goal.
How do I know that a call from my bank is genuine?
Some vishers claim that their target’s account has been blocked and their computer needs to be checked before it can be unblocked. To do this, the target is told to install remote software such as AnyDesk. If they then log in to online banking, the fraudsters also gain access. Other vishers don’t bother with a personal conversation and instead leave a voice message in which they claim, for example, that something is wrong with the target’s account. Anyone calling back will hear a message instructing them to leave their access or card details. Important: For authentication purposes, genuine financial service providers may ask their customers about their account balance, for example, but never about confidential data. If you are unsure whether it is a vishing call, you should end the conversation and call the bank’s official number.
Five tips from PostFinance to help you protect yourself
- Under no circumstances should you reveal your debit or credit card details or sensitive information such as your login details or PIN
- Never enter access data and passwords on websites that you were sent to via links
- For optimal protection, use two-factor authentication
- If somebody manages to access your data, block your cards or access to online banking
- In the event of any suspicious activity or loss of money, inform your financial institution immediately
What effects can vishing have?
If vishers are successful, they can make purchases and payments or take out loans at their victims’ expense. The victims can lose all their money and access to social benefits or even end up in debt as a result. Fraudsters are increasingly requesting less confidential information, such as gender, name or age, which they then sell on the Internet or use themselves to commit identity theft. There are also criminals who record phone calls in order to use their victims’ voices for deepfakes Catching fraudsters is difficult, so the likelihood of getting your money back is low.
How can you protect yourself from vishing?
Companies, financial institutions, authorities and the police never ask for confidential information over the telephone. If you are asked to change passwords or verify credit card details, you should hang up immediately. You should never disclose sensitive information, click on links, open attachments, install programs, or grant remote access to your computer as the result of a call. One way to protect yourself from vishing is to avoid answering calls from unknown numbers. However, fraudsters can also hide behind displayed phone numbers. Spoofing programs can easily be used to fake official telephone numbers. Therefore, if you suspect vishing, call the number from another phone or contact the company’s customer service directly.
What to do if you fall victim to a vishing call?
If you have given out personal information over the phone and are worried that you have fallen for a visher, you should act immediately: change your password, block the card in question and contact the corresponding financial institution. You should also inform the company in whose name the fraudsters contacted you and report the fraud to the police. You should also report the scam to the National Cybersecurity Centre (NCSC) The link will open in a new window report.ncsc.admin.ch. In general, the quicker you react, the greater the likelihood that you will get away with minor losses.
Useful security information
Learn more about other types of fraud in our article “Scammers’ tactics. What you need to know”. The National Centre for Cybersecurity (NCSC) also provides a lot of information for private individuals at The link will open in a new window ncsc.admin.ch, or you can visit the website The link will open in a new window skppsc.ch of the Swiss Crime Prevention (SKP) service. And the Lucerne University of Applied Sciences and Arts provides various courses with its “eBanking – but secure!” programme at The link will open in a new window ebas.ch.