In plain English
Vishing (voice phishing) uses phone calls instead of emails. Attackers impersonate the ATO demanding urgent payment, Microsoft support warning of a virus, or a bank flagging fraudulent transactions. The goal is to create enough fear or urgency that victims hand over account credentials, payment details, or remote access to their computer.
Full definition
A caller tells you your bank account has been compromised. They know your name, your suburb, and the last four digits of your card. They sound calm and professional. They ask you to confirm your full card number and PIN so they can lock the account before the fraud goes further. That is vishing: a phone call engineered to produce a specific action by combining false authority with manufactured urgency.
ATO impersonators have targeted Australian small business owners for years, demanding immediate payment of fabricated tax debts and threatening arrest to create panic. The same technique works against IT teams: someone calls the help desk, claims to be an executive locked out of their account, and walks a junior staff member through granting remote access. No required.
The defence is a verification habit. Any unsolicited call requesting credentials, payment, or access should be treated as suspect regardless of how legitimate it sounds. Hang up and call back using a number from the organisation's official website. Help desk procedures should require identity verification through a separate, pre-established method before any access is granted over the phone. also limits the damage when credentials are given up, because a password alone is not enough to get in.
