How to recognize a vishing scam and protect yourself from attack

The phone rings and a recording says you owe the IRS back taxes and have to share your credit card number to settle the balance. Or it's the bank, warning you that your account has been compromised.

These are just two examples of "vishing," or voice phishing, a popular scam that can take place over a mobile phone or landline. The perpetrator will often pretend to be from a recognizable company or government agency and ask for your credit card, bank account info, Social Security number or other sensitive data.

These attacks are particularly effective because the scammers sound authoritative and urgent. In 2022, victims of vishing scams reported median losses of $1,400, according to the Federal Trade Commission (FTC).

Below, CNBC Select explains how to identify, avoid and recover from vishing attacks.

Vishing is a type of cybersecurity attack in which the perpetrator attempts to gain access to sensitive data over the phone. They typically seek financial details or Social Security numbers, but passwords and other data can also be the goal.

Scammers may pretend to be an authority figure — an IRS agent or bank official, for example — and claim there is a time-sensitive matter that requires your immediate attention.

Vishing scams can target individuals or companies: A September 2023 vishing attack on MGM Resorts International cost the casino approximately $100 million.

As opposed to online scams that use malware, vishing schemes rely on social engineering, or psychological tactics to convince victims to take a certain action.

While phone scams have existed for decades, cybersecurity experts say vishing is on the rise, thanks to technological advances like caller ID spoofing and AI-powered software that can mimic specific human voices.

While vishing can take different forms, there are telltale signs that can tip off savvy consumers.

• A pre-recorded message. Many vishing calls will have an automated message claiming you've won a free prize or that your urgent response is required to prevent a financial penalty.
• A request for sensitive information. If someone asks for your Social Security number or other personal details, it's a strong sign of a vishing attack. To sound legitimate, they might provide public information, like your birthday or job title.
• Posing as a government official. Scammers may claim to be from a federal agency, such as the IRS, but legitimate government officials will never call, email or text to ask for money or personal information.
• Using an aggressive manner. A phone call allows scammers to catch victims off-guard more than an email or letter. Be skeptical of any caller pressuring you to quickly provide sensitive information.

While vishing is an increasing threat to consumers, there are ways to guard against scammers.

• Screen your calls carefully. If you don't recognize a number, let it go to voicemail. Some scammers will "spoof" your caller ID into thinking their call is coming from a nearby location or a reputable source. If you want to reply to a voicemail, seek out an official contact number or email and confirm any information they provided.
• Be suspicious of unsolicited phone calls. If you suspect that a call is a vishing attack, hang up immediately. Don't answer their questions or press any buttons. Don't try to confront them since scammers can record your response to gain access to voice-activated menus.
• Don't share personal data. Never share passwords, log-in names, driver's license or passport information over the phone. Avoid giving out your Social Security number or other sensitive information over the phone, especially if you didn't originate the call.
• Get on the National Do Not Call Registry. This free service from the FTC informs marketers that you don't want unsolicited phone calls. While nefarious callers don't abide by the registry, signing up means any unknown caller is less likely to be a legitimate business.
• Become an AT&T wireless customer. AT&T and TransUnion have partnered on TruContact Branded Call Display, which enables businesses to display their name and logo when calling AT&T customers. That way subscribers can confirm the number has not been illegally spoofed.

Of course, no one is 100% immune from scammers. There are some steps to foil a vishing attack once it's started, like setting up multi-factor authentication on sensitive accounts.

Credit monitoring products can also help you spot if your account or identity has been compromised. CreditWise® from Capital One is a free service that alerts users about changes to their credit history on TransUnion and Experian, including new accounts, delinquencies, balances and hard inquiries.

You'll also be notified about suspicious activity associated with your identity.

A paid service, IdentityForce® UltraSecure+Credit reports changes submitted to all three credit reporting agencies. It also offers advanced information and identity monitoring, fraud alerts and $1 million in identity theft insurance.

If you suspect you've fallen victim to a vishing scheme:

• Contact your financial institutions immediately and examine your accounts.
• Place a security freeze on your credit report
• Change your passwords, especially for more sensitive accounts.
• Report any attempted scams to the FTC and FBI.

Vishing scammers are developing more advanced strategies every day. It's important to be skeptical of unsolicited phone calls and refrain from sharing personal information over the phone.

At CNBC Select, our mission is to provide our readers with high-quality service journalism and comprehensive consumer advice so they can make informed decisions with their money. Every article is based on rigorous reporting by our team of expert writers and editors with extensive knowledge of financial products. While CNBC Select earns a commission from affiliate partners on many offers and links, we create all our content without input from our commercial team or any outside third parties, and we pride ourselves on our journalistic standards and ethics.

Catch up on CNBC Select's in-depth coverage of credit cards, banking and money, and follow us on TikTok, Facebook, Instagram and Twitter to stay up to date.