Vishing

How it works

A caller poses as your bank, a supplier, the tax office, or an internal executive, and uses urgency and authority to push the target to act before they verify. Caller ID is easy to spoof, and AI voice cloning now makes a fake caller sound like a specific person.

Vishing often follows a phishing email or text, using the call to "confirm" the earlier message.

How it relates to brand impersonation

Vishing is impersonation over the phone, and it increasingly leans on deepfaked voices of real executives. The wider campaign usually still involves spoofed domains and fake identities that can be addressed.

How nebty helps

nebty removes the lookalike domains and fake profiles that vishing campaigns use to look credible across channels, and monitors for impersonation of your brand and people.

How to defend against voice phishing

Vishing works on the phone because voice carries authority and urgency in a way text does not, and caller ID is trivial to spoof, so the number on your screen proves nothing. AI voice cloning has made it worse: a few seconds of public audio can reproduce a known voice well enough to pass on a quick call. The defences are behavioural. Treat any inbound call that asks for credentials, codes, or a payment as unverified, hang up, and call back on a number you look up independently. Never read out a one-time code to someone who called you; legitimate organisations do not ask. For a brand, a vishing campaign usually runs alongside spoofed domains and fake profiles used to set it up or follow it up, and removing those disrupts the wider operation even though the call itself cannot be taken down.