![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2026\/04\/What_is_vishing.jpg\")
<\/p>\n<\/p>\n
Phone scams work because a real voice can feel more convincing than a message on a screen. When someone sounds calm, confident, and official, it is easy to believe the call is real \u2014 especially if they claim there is a problem with your bank account, Apple ID, a delivery, or taxes.<\/p>\n
That is what vishing is. It is a scam that uses phone calls or voicemails to pressure you into sharing sensitive information, reading out a verification code, sending money, or giving someone access to your accounts or device.<\/p>\n
This guide explains what vishing usually sounds like, the warning signs to watch for, and what to do if a call does not feel right.<\/p>\n
Not every scam call sounds dramatic right away. Some start small with a missed call, a short voicemail, or a quick check to see if you\u2019ll answer. If you do pick up a vishing call, here\u2019s what it often feels like when it happens:<\/p>\n
Most vishing calls don\u2019t start with anything obviously suspicious. They usually begin with a call from someone claiming to be from a bank, a service provider, or a government agency. The call introduces a problem \u2014 for example, money is at risk or there\u2019s a problem with a service \u2014 and it can sound genuine.<\/p>\n
At first, it feels like a normal customer service call. The caller may sound calm and helpful, walking through what seems like a standard process. Then the tone shifts, and there\u2019s pressure to act quickly \u2014 for example, reading back a security code, downloading an app, or making a payment to resolve the issue.<\/p>\n
In some cases, the caller already has access to basic personal details, such as a name or address, which makes the call feel more legitimate. The situation itself can vary \u2014 it might be described as a suspicious bank charge, a problem with an internet service, or an issue with taxes or legal records.<\/p>\n
These calls are often made to look and sound familiar. The number that shows on the phone screen may be \u201cspoofed\u201d to match a real company, hiding the scammer\u2019s real number. Some calls are automated at first, then passed to a real person, and in some cases, voices are AI-generated to sound like a recognizable public figure.<\/p>\n
If the caller gets the information they\u2019re asking for, the impact can build quickly. It might start with access to an account, like your Apple ID, or a password reset, then lead to sensitive data being exposed and, in some cases, money being moved between accounts.<\/p>\n
In some situations, software downloaded as \u201csupport\u201d tools stays on a device and allows the scam caller to access it after the call has ended. That access can let them see what you\u2019re doing in real time \u2014 opening emails, logging into accounts, or managing your files \u2014 and in some cases, use that access to capture passwords or move further into your accounts.<\/p>\n
Here are a few examples of how vishing scams show up in real situations:<\/p>\n
In 2025, scammers used AI to mimic the voice of Italy\u2019s defense minister, Guido Crosetto. They contacted prominent business leaders and claimed urgent funds were needed to help free kidnapped Italian journalists. Massimo Moratti reportedly transferred almost \u20ac1 million<\/a> before the scam was uncovered.<\/p>\n In 2023, attackers used social engineering against MGM Resorts<\/a>, helping trigger a cyberattack that disrupted services including digital room keys, reservations, and other hotel systems.<\/p>\n Scammers have repeatedly impersonated the Canada Revenue Agency<\/a> and pressured people to make immediate payments by claiming they owe taxes. Scam calls may use spoofed numbers and threatening language to make the contact seem real and urgent.<\/p>\n Smishing and vishing are closely related<\/a> \u2014 both aim to build trust just long enough to get personal details or convince someone to act.<\/p>\n Smishing uses text messages or messaging apps to send fake alerts, links, or phone numbers. These messages are usually short and urgent, warning about suspicious activity, delivery issues, or security problems.<\/p>\n Vishing uses phone calls or voicemails to build trust through conversation. That direct contact can create a different kind of pressure. When a caller sounds calm and confident, it\u2019s easier to go along with what they\u2019re saying \u2014 especially if they claim to be calling from a bank or a familiar company.<\/p>\n Many scams use both methods together. A common pattern starts with a scam text telling the recipient to call a phone number rather than click a link.<\/p>\n Once the call begins, the scammer tries to keep the conversation moving long enough to ask for information or get access that shouldn\u2019t be shared, like a login code or permission to enter an account.<\/p>\n Moving from a text to a call can make the situation feel more like a real support process, which makes the warning signs easier to miss.<\/p>\n Spear vishing is a more targeted version of vishing. Instead of calling people at random, the scammer focuses on one person and uses the details they found beforehand to make the call feel familiar.<\/p>\n That might include mentioning a colleague, a recent project, or information pulled from a professional profile or company website \u2014 small details that make the call sound convincing.<\/p>\n At work, this often involves someone posing as IT or finance. Because they sound like they belong, it\u2019s easier to go along with a request to share a password or approve a payment without stopping to question it.<\/p>\n Staying safe from vishing calls means slowing things down and paying attention to what feels off.<\/p>\n A few habits can make these calls less effective:<\/p>\n Don\u2019t share any information during a suspicious call. If a caller asks for sensitive details like your PIN, password, or a one-time verification code, treat that as a serious warning sign. Scammers specifically ask for verification codes to break into accounts.<\/p>\n It\u2019s perfectly fine to hang up the moment you feel uncomfortable. You don’t owe the caller an explanation, and putting the phone down gives you the space to think clearly without pressure.<\/p>\n If you want to check if the call was real, reach out to the company yourself. You can find their phone number on their website, in their app, or on a recent paper statement. Don\u2019t rely on the number that showed up on your screen or any callback numbers left in a message, because caller ID can be spoofed.<\/p>\n It\u2019s best not to follow any directions the caller gives you, like downloading a new app or clicking a link they sent. These can give someone access to your device or accounts, and may allow apps to make unexpected connections in the background \u2014 something a firewall<\/a> can help you keep an eye on.<\/p>\n If you\u2019re ever in doubt, it\u2019s okay to pause. You can always talk it over with someone you trust. Taking that extra minute to check is often enough to avoid any problems.<\/p>\n If you shared information with a suspicious caller, start by securing your main accounts. Change your passwords, especially for email, banking, and accounts like your Apple ID or Google account.<\/p>\n Let your bank and phone provider know what happened. They can add extra identity verification so only you can make changes or move money, pause payments, or watch for unusual activity.<\/p>\n If you let the caller view your screen or control your device, turn those permissions off and delete any software they asked you to download. If you use a Mac, a tool like Intego\u2019s antivirus<\/a> can help check for and remove anything that shouldn\u2019t be there.<\/p>\n Finally, keep an eye on your accounts over the next few days or weeks. Watch for unusual logins, password reset attempts, or transactions you don\u2019t recognize. If anything stands out, contact your bank or service provider so you can secure the account right away.<\/p>\n Vishing calls work because they lean on human trust and a sense of urgency \u2014 things that aren\u2019t always easy for a security tool to spot. Scammers are now using a mix of phone calls, messages, and emails together, which makes it easier for them to convince people to take specific actions.<\/p>\n By keeping a few simple habits in mind \u2014 like not sharing personal information over the phone \u2014 it\u2019s much easier to stop, check what\u2019s happening, and handle the situation safely.<\/p>\n Vishing<\/a> is short for “voice phishing.” It describes a scam where a scammer calls or leaves a voicemail pretending to be someone they aren’t, hoping to get a person to share things like passwords or bank details.<\/p>\n Phishing usually happens through email, smishing arrives as a text or a chat message, and vishing happens over the phone \u2014 either through a direct call or recorded voicemail.<\/p>\n Vishing calls create a sense of urgency<\/a> or concern, then start asking for details like passwords, bank logins, or verification codes.<\/p>\n Callers may also try to keep the conversation going or get defensive if you suggest hanging up and calling the company back yourself.<\/p>\n Scammers pretend to represent a well-known company, using a calm, confident tone to make it seem like something needs attention.<\/p>\n By guiding the conversation, they make the call feel routine enough that sharing details or approving a payment doesn\u2019t seem unusual at that moment.<\/p>\n They may also mention small details they\u2019ve found online or in public records, which helps the call feel more believable.<\/p>\n Yes. On a personal number, the person on the other end may claim to be from a bank, a tech support desk, or a government office.<\/p>\n At work, these callers often focus on people who handle payments, manage accounts, or have access to internal systems. They might pretend to be an executive or someone from IT to make any requests feel routine.<\/p>\nSocial engineering in the 2023 MGM Resorts cyberattack<\/h3>\n
CRA impersonation scam in Canada<\/h3>\n
Smishing vs vishing and how these attacks work together<\/h2>\n
Spear vishing and targeted voice attacks<\/h2>\n
How to reduce your risk<\/h2>\n
\n
What to do if you get a suspicious call<\/h2>\n
What to do if you already shared information<\/h2>\n
Staying one step ahead of vishing calls<\/h2>\n
Frequently asked questions about vishing<\/h2>\n
What does the term \u201cvishing\u201d mean in cybersecurity?<\/h3>\n
How is vishing different from phishing or smishing?<\/h3>\n
What are common signs of a vishing scam call?<\/h3>\n
How do scammers trick people during vishing attacks?<\/h3>\n
Can vishing target both personal and business phones?<\/h3>\n
What should I do if I accidentally give information to a vishing caller?<\/h3>\n