Phish Files
Abstract Aliens On Flying Saucers Northern Lights Lighthouse Mountains Water Tree Sun Background Gradient Unidentified Flying Object Ufo Stars Vector Design Style Landscape
Phish Files Articles
November 28, 2025

Can You Hear Me Now? Don’t Fall for the Vishing Scam

Posted in: News

Breaking News image of a fish in a fishbowl in space

Vishing—a blend of “voice” and “phishing”—is a growing threat where scammers use phone calls or voice-over-IP (VoIP) to trick you into revealing personal, financial, or institutional information. They often use clever techniques to sound legitimate, but a little awareness can keep you, your data, and our institution safe.

This is a critical reminder for all faculty, staff, and students about what to watch out for, what to do if you receive a suspicious call, and how to report it.

What to Watch Out For: The Red Flags of a Vishing Attack

Vishing calls often create a sense of urgency or fear to prevent you from thinking clearly. Be immediately suspicious if a caller uses any of the following tactics:

1. Spoofed Caller ID

  • The caller ID may display a seemingly legitimate number, such as an internal campus office, your bank, or a government agency (like the IRS). Scammers use technology to “spoof” these numbers.

  • Actionable Tip: Never trust a caller ID alone.

2. Immediate Threat or Demand (Institutional)

  • Financial Threat: The caller claims your account will be suspended, your tuition payment is overdue, or you owe a large tax debt that must be paid immediately.

  • Legal Threat: They claim you are facing arrest, a lawsuit, or disciplinary action unless you comply with their instructions.

  • IT/System Threat: They say there is a critical problem with your computer, email account, or campus network access that requires you to download software or give them remote access.

3. Request for Sensitive Information

  • A legitimate institution (especially IT or Financial Aid) will almost never call you out of the blue and ask for your:

    • Full Password or PIN.

    • Duo Multi-Factor Authentication (MFA) codes (If a caller asks for an MFA code, it is a scam 100% of the time).

    • Full Social Security Number (SSN).

    • Credit Card or Bank Account Number.

Emotional Scams: When They Target Your Heartstrings

These are some of the most dangerous vishing scams because they prey on your love and concern for family.

Example: The Family-in-Distress Scam

The caller claims to be a loved one (a grandchild, niece, son, or daughter) who is in immediate danger, often crying or whispering to heighten the panic.

  • Scenario: A caller says, “Grandpa, it’s me. I’ve been arrested/I’ve been in a car accident and I need cash right now! Please don’t tell Mom and Dad.
    • The Scammer’s Goal: To scare you into wiring money or purchasing gift cards before you have a chance to call the family member’s actual phone number.

Example: The Kidnapping/Hostage Scam

This terrifying tactic involves the scammer claiming they are holding a family member hostage and demanding a ransom be paid immediately. The call may include background noises like muffled crying or shouting.

  • The Scammer’s Goal: To get you to pay without verifying the alleged victim’s location or safety.

What to Do If You Get a Suspicious Call

Your best defense against vishing is to pause, verify, and never feel rushed.

1. Hang Up Immediately

  • If you detect any of the red flags, simply hang up. You do not need to be polite or explain yourself.

  • Do not engage in conversation, argue, or press any numbers they instruct you to.

2. Verify Identity Independently

  • For Institutional Calls: If the call claims to be from a campus department or your bank, find the official, published phone number and call them back directly to confirm if they actually tried to reach you.

  • For Family Calls: If a “family member” calls with an emergency, immediately call that person back on their known, verified phone number (e.g., their cell phone). If you can’t reach them, call another close family member who can verify their location. Scammers rely on you acting before you think.

3. Be Wary of Payment Methods

  • The caller demands payment using non-standard methods like gift cards (e.g., Apple, Google Play), cryptocurrency, or wire transfers. Legitimate organizations and law enforcement will never request payment via gift cards or unsecured wire transfer for bail or debt.

How to Report a Vishing Attempt

Reporting suspicious calls helps us track patterns, warn the community, and protect our systems.

Audience What to Report Where to Report
Faculty, Staff, & Students Institutional/Campus-related vishing attempts (e.g., calls impersonating IT, Payroll, or the Registrar). IT Service Desk (Make sure to include the phone number & time of call)
All (Including Parents) General vishing, fraud, or scams (e.g., IRS, bank, family-in-distress, or financial threats). Federal Trade Commission (FTC) via ReportFraud.ftc.gov
All (Especially Victims) Calls involving financial loss, identity theft, or organized cyber-enabled crime. FBI Internet Crime Complaint Center (IC3) via ic3.gov
All Illegal robocalls, telemarketing scams, or Caller ID spoofing issues. Federal Communications Commission (FCC) via fcc.gov/complaints

Crucial Note: If you believe you have provided an unauthorized caller with your campus password, change it immediately using the official university password change portal and then report the incident to IT Security. If you shared personal banking information or lost money, contact your financial institution immediately as your first step.

Important Reminder About Personal Devices

Please remember that while our Information Technology team can assist with calls directed to university-owned phones or concerning campus systems, we are limited in our ability to block or investigate calls directed to your personal cell phone or home number. For those calls, using the Federal reporting channels (FTC, FBI, FCC) is the most effective way to fight back.

Stay Safe and Smart!

A legitimate interaction will always allow you time to verify the caller’s identity and will never threaten you for refusing to provide personal information over an unverified phone call. By staying vigilant and following these simple steps, we can all work together to protect our campus community.

“If someone calls demanding info and your stress level spikes, hang up. Vishing scammers can’t steal anything if you don’t stay on the line—think of it as ghosting for cybersecurity.”

Emily Harris
Chief Information Security Officer

Want to Know More?

Proofpoint | What Is Vishing?

Bank of America | How to avoid telephone scams

Kasperky | What Is Vishing?

TechNewsWorld | Researchers Mount Vishing Attacks With Real-Time Voice Cloning

Bank Info Security | Financial Institutions Face Surge in Vishing, Spoofing Scams