The term “vishing” – from the combination of ‘voice’ and ‘phishing’ – has gained relevance in recent times: it designates a telephone scam technique where the criminal impersonates the agent of a trusted entity, such as a bank, to obtain personal and financial information from their victim (such as account numbers, passwords or access codes).

They often resort to social engineering (to induce a sense of urgency) and go so far as to manipulate the caller ID, so that the name and phone number of the bank appear instead of an unknown number, which makes the call seem even more legitimate and generates a false sense of security in the victim.

In recent days, institutions such as the Civil Guard and the National Cybersecurity Institute (INCIBE) have issued warnings about this scam method, to alert the population about its dangers:


The Five Main Modalities of Vishing

  1. Suspicious Activity Alert: Here, criminals report suspected suspicious activity in the victim’s bank account, asking the victim, with various excuses, for the security codes that they receive via SMS or banking applications. Once the frightened victim provides them, the attacker is free to make all kinds of fraudulent transactions.
  2. Direct access to the banking app: In this variant of the previous one, the fraudsters directly ask for the user’s access credentials to the banking application, with the aim of taking full control of the account.
  3. Deceptive transfers: Cybercriminals persuade the victim to make a money transfer to a “secure” account, which is actually controlled by them. In other words, they are actually tricking her into transferring all her money to them.
  4. Authorization of ATM withdrawals: Through deception, they make the victim perform actions in their banking app that result in the scammer authorizing withdrawals.
  5. Fake Banking Apps: Promotion of fraudulent applications that mimic those of real banks, where victims enter their personal data and credentials, giving fraudsters access to their legitimate accounts.

How to Protect Yourself Against Vishing

To prevent becoming a victim of vishing, it’s crucial to be skeptical of unsolicited calls that require personal or financial information. It is recommended to always verify the identity of the interlocutor by contacting the entity involved directly. On top of that:

  • A bank representative will never ask us to share with them information such as the code that we receive by SMS (which are usually accompanied by warnings of “never share this SMS”), or the access codes to electronic banking (which are usually given to us at the branch in a sealed envelope for good reason).
  • The bank can block the possibility of making transactions from a certain account, it does not need us to transfer all our money to a “safe account“.
  • Download the official banking apps by searching for them yourself in the Google Play Store or App Store. Never through a link that someone sends you.


Please enter your comment!
Please enter your name here