What Are Vishing Statistics in 2024? What Are Real-life Vishing Examples?

Voice phishing, commonly called vishing, has emerged as a significant threat. As scammers evolve their tactics, understanding the vishing threat landscape and knowing the latest vishing statistics is significant for individuals and businesses. This article explores the most recent vishing statistics, trends, and real-life vishing attack examples to provide a comprehensive picture of the vishing attack in 2024.

Vishing Attack Data and Trends

Vishing, or voice phishing, has emerged as a significant cybersecurity threat in 2024, leading to substantial financial losses, operational disruptions, and reputational damage.

In 2022, vishing attacks resulted in a median financial loss of $1,400 per victim, contributing to a total loss of $1.2 billion.

Vishing incidents have caused significant operational disruptions, with businesses facing costs for investigating breaches and implementing response measures.

In December 2021, nearly 470 customers of OCBC Bank lost a combined S$8.5 million to vishing scams, leading to significant reputational damage for the bank.

These statistics underscore the critical need for organizations to implement robust security measures and educate individuals about the risks associated with vishing.

Vishing Attack Demographics and Methods

• 20% of vishing victims are aged 60 and above, revealing concerning vishing victim demographics.
• To appear legitimate, 10% of attacks use caller ID spoofing, one of the prevalent vishing attack methods.
• The financial sector emerges as the primary vishing attack target, with these institutions facing the brunt of the scams.
• Hybrid vishing attacks, a blend of various deceptive techniques, have surged by 554% in volume.

Vishing vs. Phishing and Awareness

• Vishing represents more than 27% of all response-based threats, indicating the scale of vishing vs. phishing statistics.
• Surprisingly, 35% of victims do not report the incident, highlighting a gap in vishing awareness statistics.

Vishing's Impact on Businesses

• Did you know that 3 out of 4 businesses lost money to voice scams?
• With an average cost exceeding $14 million per year for each business, vishing poses a significant threat to corporate security.
• Criminals have a success rate of 77% in voice scams, leading to stolen credentials, data loss, and more.

Vishing Prevention and Risk Assessment

• The average financial loss from a vishing attack is $577, emphasizing the importance of vishing risk assessment.
• Regular training sessions for employees on cybersecurity and vishing threats have proven effective as a vishing attack prevention measure.
• Advanced technologies like spam blockers and caller ID verification are crucial tools in the fight against vishing.

Real-Life Vishing Attack Examples

From impersonating government officials to exploiting global crises for illicit gain, the following real-life examples trace the evolution of vishing attacks from 2019 to 2023. These cases not only demonstrate the breadth and depth of vishing strategies but also underscore the importance of vigilance, critical thinking, and verification in safeguarding personal and financial information against these deepfake attacks.

2019: Deepfake Attack on a UK Energy Company (March)

• Incident Overview: The CEO of a UK-based energy provider received a call from an individual mimicking the voice of his boss, the chief executive of the German parent company, using advanced deepfake voice technology. The caller instructed the CEO to urgently transfer €220,000 ($243,000) to a supposed supplier in Hungary.
• Scammer's Strategy: Leveraging deepfake technology to clone voices, creating an unprecedented level of authenticity in impersonation.
• Consequences: The CEO complied, resulting in a significant financial loss, with the fraudulent nature of the request only coming to light after the transfer was made.

2020: Twitter Vishing Scam Compromises High-Profile Accounts (July)

• Event Details: Hackers executed a coordinated "phone spear phishing" attack against Twitter employees, gaining access to internal systems and compromising 130 high-profile accounts, including those of Barack Obama, Joe Biden, and Kanye West.
• Methodology: The attackers used information obtained from the vishing attack to manipulate employees into providing access to account support tools.
• Impact: The scammers posted tweets from the compromised accounts soliciting Bitcoin, amassing around $110,000 before the scam was halted.

2020: Hong Kong's $41 Million Phone Scam (August)

• Victim's Ordeal: A 90-year-old woman in Hong Kong was conned into making 10 payments totaling $41 million after being told her identity had been misused in criminal activities in China.
• Scammers' Tactics: Utilized fear and urgency, pretending to be law enforcement officials to persuade the victim into compliance.
• Aftermath and Arrest: Following the victim's report to the police, a 19-year-old man was arrested, showcasing the rare instances of apprehension in such cases.

2020: Paytm KYC Scam Exploits Gullible Users

• Scam Execution: Fraudsters sent messages to Paytm users, claiming their KYC had expired and coerced them into calling back, under the pretense of reactivating their service.
• Fraudsters' Approach: Threatened users to install remote access software, ostensibly to assist with the reactivation process, but instead used it to steal payment information.
• Victim Impact: Reports emerged of significant financial losses, including a woman who lost $1,500 after falling for a similar scam.

2020: Healthcare Organization Patients Targeted in Vishing Attack (September)

• Organization Affected: Spectrum Health System disclosed a vishing scheme targeting its patients, with fraudsters posing as staff members.
• Scammers' Method: Sought personal information under the guise of routine data verification, exploiting the trust between healthcare providers and patients.

2020: Free COVID-19 Testing Kits Scam Amid the Pandemic

• Scam Context: Exploiting the global health crisis, scammers offered free COVID-19 testing kits, assistance with stimulus packages, or posed as charity workers, targeting nearly 60 million Americans.
• Financial Toll: Contributed to approximately $30 billion in losses, illustrating the massive scale and impact of these scams.

2020: The Tarneit Tax Scam (June 12)

• Incident Overview: A woman in Tarneit, Australia, received a vishing call from an individual claiming to be from the Australian Taxation Office (ATO), threatening her with legal action for an outstanding tax debt.
• Scammers' Strategy: The caller instructed her to withdraw cash and deposit $8,000 into another account, and purchase over $1,000 in iTunes cards, providing the card details via WhatsApp.
• Victim Compliance: The 41-year-old victim followed all instructions, highlighting the effectiveness of authority exploitation in vishing.

2022: National Australian Bank Impersonation (December 3)

• Victim's Encounter: Aurora, believing she received a security alert from her bank, contacted a number provided in a scam text, leading to a loss of $25,000.
• Fraud Method: The scam text was craftily inserted into an existing legitimate message thread from her bank, exploiting trust and creating a false sense of security.

2023: New Zealand's Westpac Impersonation Scam (November)

• Family Scammed: Denise, a mother-of-three, and her husband were deceived into handing over $32,000 within hours, following a vishing call and bombardment of texts, claiming a fraudulent transaction on their account.
• Fraud Dynamics: The scam involved a seamless coordination of phone calls and texts, exploiting the urgency and perceived legitimacy.

2023: The PayPal Scam Targeting an Elderly Man (December 2)

• Elderly Victim's Loss: An 84-year-old from Hingham lost nearly $100,000 to a scammer claiming an accidental deposit by PayPal, which led to remote access of his computer and bank account.
• Scam Mechanism: The scammer's request for the victim to perform actions on his computer likely facilitated unauthorized access, demonstrating a blend of vishing and remote access scam tactics.

2023: Europol and Eurojust's Multimillion-Euro Raid (November 16)

• Operation Summary: A collaborative raid by Czech and Ukrainian police, supported by Europol and Eurojust, revealed a vishing attack responsible for tens of millions of euros in losses, showcasing the international cooperation required to combat sophisticated cross-border cybercrime networks.
• Fraudster's Operation: The criminal group operated call centers in Ukraine, targeting primarily Czech victims by convincing them to transfer funds to 'safe' accounts controlled by the scammers.

2023: The MGM Casino Hack (September 11)

• Cybersecurity Breach Details: MGM Resorts International suffered a significant cybersecurity issue leading to system shutdowns, personal data breaches of customers, and estimated losses of $100 million, with an additional $15 million paid in ransoms.
• Attack Attribution: The breach, attributed to a group known as Scattered Spider, utilized ransomware, marking a confluence of cyberattack methods including ransomware and possibly leveraging vishing components for initial access or escalation.

Protect Yourself and Your Business from Vishing Threats!

The statistics and real vishing examples are clear: Vishing is a growing threat for 2024. But knowledge is power, and with the right tools, you can fortify your defenses against voice phishing attacks.

Why Choose Keepnet's Vishing Simulator?

• Real-world Scenarios: Experience and understand the tactics used by scammers in a safe environment.
• Comprehensive Training: Equip your team with the knowledge and skills to identify and thwart vishing attempts.
• Detailed Reporting: Gain insights into your organization's vulnerabilities and track improvements.
• User-friendly Interface: Easy to deploy and use, ensuring a smooth user experience.

Please watch our vishing simulator from the YouTube video below, and see how we help businesses fight against voice scams.

Editor's Note: This blog was updated on November 21, 2024.