It can seem like there's a never-ending supply of scam calls. It could be an automated voice telling you that your bank account has been hacked or someone telling you that your car has been involved in an accident.
In 2021, Ofcom reported that approximately 45 million people were targeted by scam phone calls and text messages. Ofcom's research also found that six in 10 over-75s received a suspicious phone call to their landline phones in the same year.
Scam calls are often easy to spot, but they can be dangerous if you fall for them. Scammers could gain access to your personal information or your bank details within a few minutes if you don't realise you're talking to a fraudster.
Continue reading to find out what the different types of scam calls are, how you can spot them, and ways to avoid falling victim to scammers.
Vishing is a type of cybercrime that is conducted over the phone. Scammers attempt to retrieve personal and financial information from their victims so that they can hack into their bank accounts or impersonate the victim in future scams. To do so, they may pretend to be a representative of a bank, the police, or other official organisations.
The scammer may tell their victim that their account has been compromised, and they must provide their password and personal details to resolve the issue. They will usually try to sound friendly but authoritative so that the victim trusts them.
Scammers can make hundreds of phone calls a day to unsuspecting individuals. They often use VoIP technology to access different phone numbers and names attached to them. Some cybercriminals are able to change the caller ID so that it appears the phone call is coming from a bank or other official organisation.
Vishing can be conducted in a number of ways. Cybercriminals may send out emails to potential victims with the aim of getting their phone numbers. They will pretend to be someone else in these phishing emails, such as an official organisation. Sometimes scammers will pretend to be a family member or friend in the hope that potential victims will share their phone numbers.
Through the email exchange, the scammer will then try to phone the victim on the number they provided or try to convince the victim to call them. Once the victim is on the phone, the scammer will create a story that excites or scares the victim. For example, the scammer may try to convince the victim that they have a great investment opportunity or that the victim is in trouble with the law. They will try to convince the victim to take action by sending over money or their personal details.
If the scammer is pretending to be from a bank account or similar organisation, they may try to get the victim to 'confirm' their personal details with the pretence of checking the information against their records. However, this is an attempt to retrieve your information. You should never give your credit card or bank details over the phone.
After the cybercriminal has the victim's personal or bank details, they can commit further crimes. They may try to drain the victim's bank account or use the personal information to impersonate the victim. They may also use the victim's personal information to try and scam more people (including colleagues and friends of the original victim).
Scammers will sometimes use phishing emails to obtain phone numbers. They may also directly contact people through numbers they found on a random generator or from a list of phone numbers that other scammers have contacted. You are likely to receive more vishing phone calls if you have interacted with a scammer in the past.
Cybercriminals are using increasingly sophisticated methods to trick people into handing over their sensitive data. This means vishing attacks aren’t always easy to spot. With that in mind, it’s useful to be aware of some common vishing scams:
A caller pretending to be from HMRC will claim you owe tax or say there’s an issue with a tax refund and ask you to verify your personal information. HMRC will never ask you for this information over the phone, but if you are concerned, hang up the phone and contact HMRC on 0300 200 3300 to find out if there really is an issue.
You’ll receive a call from a scammer who tells you they’re calling on behalf of your bank. They’ll say there’s been an issue with a payment you’ve made or that there’s been unusual activity on your account and ask you for private information — like your login details, card numbers or address — or ask you to make the payment again. Like HMRC, banks won’t ask you to provide this information over the phone, so again, you should hang up and call your financial institution to check that everything is OK.
A scammer will call you with an offer that’s too good to be true, such as a quick fix to pay off all your debt or a small investment that can earn you millions. They may tell you that the offer will expire, so you need to act quickly and pay a small fee to secure it. As tempting as it might sound, a legitimate lender wouldn’t randomly call you with an offer like this.
You’ll answer a call from someone saying you’ve won a prize. They’ll ask for your personal details because they say they need them in order to process the prize and ensure you receive it as soon as possible.
A fraudster will phone you offering compensation for a recent accident you’ve been in. While legitimate compensation companies do make cold calls, if you’ve been in an accident and wish to make a claim, it is always best to initiate contact yourself.
Tech support scams
A caller claiming to be tech support for a company like Microsoft or Virgin Media will say they’ve noticed unusual activity on your account or your computer has been infected with a virus. They will then ask you to confirm your account details or offer to fix the virus by providing you with anti-virus software that installs malware on your computer.
Unfortunately, as technology evolves, cybercriminals have more ways to trick people into disclosing their sensitive information or parting with their money.
Here are some examples of some of the techniques scammers are known to use:
- Caller ID spoofing — Vishing scammers can create fake caller ID profiles to make multiple phone calls from a number that seems legitimate. Scammers will sometimes use a number with the same area code, as they know people are more likely to answer calls from local numbers. Alternatively, they will list their number as “Unknown”.
- Wardialing — Cybercriminals can also use software to call numbers in certain areas and play an automated message urging recipients to provide their personal details and financial information in order to verify their accounts.
- VoIP — Like caller ID spoofing, scammers can use voice over internet protocol (VoIP) technology to make hundreds of calls at once from a number that appears to belong to a trusted organisation, such as a bank, a government department or the police.
As stated earlier, vishing attacks often start with an email that asks the recipient to disclose their phone number.
Another common way that vishing scammers identify their targets is by digging through the rubbish bins of banks and office buildings to look for contact information on documents that have been thrown away.
As well as being aware of common vishing scams and staying up to date on the latest guidance, there are some measures you can take to protect yourself:
If you receive a call from a number you don’t recognise, don’t answer. If it’s important, the caller will leave a voicemail, and you can call them back on the organisation’s official number. Bear in mind that scammers sometimes do leave voicemail messages, so don’t call back on the number they’ve given you.
If you’ve answered a phone call from someone claiming to be from a particular organisation and you experience any of the following, it may well be a vishing attack, and you should hang up immediately:
- An urgent or threatening tone
- You weren’t expecting the phone call
- A request for sensitive information
Don’t share your information
Remember that banks and building societies, government departments like HMRC and utility providers will never ask you to disclose sensitive information over the phone. You should also be suspicious of requests to modify your login details and other account settings.
List your number as ex-directory
You can list your number as ex-directory to prevent it from appearing in online and physical phone books, which means scammers won’t have easy access to your contact details.
Don’t respond to prompts
Ignore prompts in automated messages that ask you to press buttons or respond to questions. If you do, you will be confirming that the number is in use and will open yourself up to more scam calls. Additionally, as mentioned, some scams will record your voice and use the recording to impersonate you on a voice-automated phone call that’s tied to one of your accounts.
Do some research
Type the details of the call into a search engine to see whether anyone else has reported it as a scam.
Anyone can fall victim to a vishing attack. Cybercriminals are often extremely convincing and are constantly coming up with new ways to trick people.
If you are the unfortunate victim of a vishing attack, there are three things you should do:
- Keep your information safe by immediately cancelling or freezing the account that’s been compromised
- Report the scam to the police or the organisation the scammer claims to be from
- Report the scam to the fraud and crime reporting body ActionFraud
Vishing is a form of cybercrime that is based on phone calls. Scammers will try to get victims to part with their personal information (including bank details). They will often try to convince their victims that their money is in danger and that they need to transfer it to another bank account. Victims may also be told that they owe money or that they are being offered a good investment deal.