What is vishing?

Vishing is phishing done through a phone call or voice message. The attacker tries to pressure someone into sharing information, approving access, or taking an unsafe action.

Simple example

Someone phones a staff member pretending to be from IT support and asks them to approve a login prompt or read out a verification code.

Why it matters

Voice calls can feel more personal and urgent than email, which makes them useful for social engineering.

Common warning signs

  • The activity is unexpected or unusual for the business context.
  • The request or system behaviour creates pressure to act quickly.
  • Normal approval, verification, or security processes are bypassed.
  • There are signs of unauthorised access, data exposure, or system change.
  • Staff are unsure whether the request, message, or system behaviour is legitimate.

Cyber Doc view

Vishing should be understood in a business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.

What to do

Proactive steps

  • Train staff not to share passwords, MFA codes, or sensitive details over the phone.
  • Use call-back procedures for sensitive requests.
  • Keep internal support processes clear.
  • Limit publicly available staff contact details where practical.
  • Encourage staff to report suspicious calls.

Reactive steps

  • End the call politely and do not provide more information.
  • Record the caller number, time, and what was requested.
  • Report the call internally.
  • Review whether any access, code, or information was shared.
  • Monitor affected accounts if details may have been exposed.

Related terms

  • Social engineering
  • Phishing
  • MFA fatigue