Vishing, short for "voice phishing," is a type of social engineering attack where scammers use telephone calls to deceive individuals into revealing sensitive information or performing certain actions. It is essentially a voice-based version of traditional phishing or spear phishing.

In a vishing attack, the attacker typically impersonates a trusted entity, such as a bank representative, government agency, or technical support staff, to gain the victim's trust. They may use spoofing techniques to manipulate the caller ID and make it appear as if the call is coming from a legitimate source.

The attacker employs various tactics to trick the victim into divulging personal information, such as bank account details, credit card numbers, social security numbers, or login credentials. They may claim there is a security issue with the victim's account, an unauthorized transaction has occurred, or some urgent action is required to prevent a negative consequence.

Vishing attacks often involve persuasive and urgent language, aiming to create a sense of panic or fear in the victim. The attacker may also use social engineering techniques to gather additional information during the call, which they can later use for further malicious activities.