Keepnet Labs Logo
Menu
HOME > blog > vishing statistics 2023 unmasking the voice phishing threat

Vishing Statistics 2024: Unmasking the Voice Phishing Threat

Explore the vishing statistics in 2024. Understanding vishing trends is significant for enhancing your defenses against voice phishing. Ensure your personal and organizational data is protected from vishing attacks.

Vishing Statistics 2024: Unmasking the Voice Phishing Threat

Vishing or voice phishing is a deceptive practice where fraudsters use voice communication, primarily phone calls, to trick unsuspecting individuals into divulging personal and often financial information.Unlike the more commonly known email phishing, vishing leverages the trust we inherently place in voice interactions, making it a potent tool in a scammer's arsenal. Although not a new concept, vishing has recently become resurgent, with scammers employing increasingly sophisticated methods to ensnare their victims.

Understanding the significance of vishing statistics is not just about numbers; it's about recognizing the scale and impact of the threat. In 2021 alone, more than 59.4 million Americans fell victim to voice phishing. These aren't just faceless statistics; they represent individuals who've faced financial losses, identity theft, and the emotional trauma accompanying such violations.

Voice phishing, or vishing, has emerged as a significant cybersecurity threat in 2024, leading to substantial financial losses, operational disruptions, and reputational damage for organizations.

In 2022, vishing scams resulted in a total loss of $1.2 billion for consumers and businesses, with median losses per victim reported at $1,400.

A 2024 report by the Anti-Phishing Working Group (APWG) noted a 30% increase in vishing and smishing detection volumes compared to the previous quarter, indicating a significant rise in operational challenges for organizations.

In December 2021, nearly 470 customers of OCBC Bank lost a combined S$8.5 million to vishing scams, leading to public outcry and necessitating the bank to issue full goodwill payouts to all victims, thereby impacting its reputation.

These vishing statistics underscore the critical need for organizations to implement robust security measures and educate stakeholders about the evolving tactics used in vishing attacks.

As we navigate to 2025, security awareness training is our strongest weapon. Recognizing the significance of vishing and its prevalence is the first step in safeguarding ourselves against it. As we delve deeper into this topic, we'll explore the intricacies of vishing, its global impact, and the measures we can take to protect ourselves in 2024.

What is Vishing? Understanding the Voice Behind the Scam

Vishing, a portmanteau of "voice" and "phishing," is a form of cybercrime where fraudsters use voice communication, primarily telephone calls, to deceive individuals into providing sensitive personal or financial information. This deceptive practice capitalizes on the inherent trust many people place in voice interactions, making it a particularly insidious form of scamming.

At its essence, vishing operates on the same foundational principle as traditional phishing: deception. However, while phishing typically involves deceptive emails or websites designed to impersonate legitimate entities, vishing focuses on voice-based deception.

The scammer might pose as a bank representative, a government official, or a tech support agent, using a concocted narrative to extract valuable information from the unsuspecting victim. The immediacy of a phone call, combined with the human element of voice, often creates a sense of urgency, compelling the targeted individual to act quickly without questioning the call's legitimacy.

The distinction between vishing and traditional phishing is crucial. Email phishing scams depend on duping the recipient into clicking malicious links or downloading harmful attachments.

These emails often contain telltale signs of fraud, such as spelling errors or suspicious email addresses. In contrast, vishing attacks leverage the art of human persuasion, with scammers employing social engineering tactics to sound convincing and authoritative over the phone.

This direct human interaction can make vishing scams harder to detect, as the scammer can adapt their approach in real time based on the victim's responses.

While vishing and phishing are deceptive strategies to extract valuable information, their mediums and methods differ. With its voice-centric approach, Vishing presents a unique set of challenges, emphasizing the importance of being cautious and informed, even when answering a simple phone call.

The Rise of Vishing: A Historical Dive into Voice Deception

Historically, phone scams have always existed. Before the internet became a household staple, deceptive phone calls were a common method for fraudsters to exploit unsuspecting individuals. However, as email and the internet grew in popularity, cybercriminals shifted their focus to these new platforms, leading to the rise of traditional phishing.

But old tactics never truly disappear; they merely adapt. Vishing found its modern playground with the proliferation of smartphones and VoIP services, allowing for easy spoofing phone numbers.

The evolution of vishing is also intrinsically linked to the advancements in technology and the changing habits of consumers. As people became more wary of suspicious emails and links, scammers sought a more direct approach.

The immediacy and perceived authenticity of a phone call, especially one that appears to come from a known number or institution, provided the perfect avenue for this. Add to this the rise of voice-activated smart devices, and the potential for vishing attacks expanded even further.

This resurgence isn't just theoretical. The numbers speak volumes. As mentioned above 2022, a staggering 68.4 million Americans were ensnared by voice phishing scams. This figure isn't just a testament to the effectiveness of vishing but also an alarming indicator of its prevalence. Such a vast number underscores that vishing isn't a fringe threat but a mainstream concern that demands attention.

From its rudimentary beginnings to its modern-day sophistication, vishing has proven to be a resilient and adaptive threat, emphasizing the need for continuous vigilance in our interconnected world.

Key Vishing Statistics for 2024: The Voice Behind the Scam

2024 has brought forth numerous conveniences, but with these advancements come new threats. Vishing, or voice phishing, is one such peril that has significantly increased in recent years.

Here are some important statistics that shed light on the magnitude of this issue:

  1. The Growing Menace in America: Over 59.4 million people in the U.S. fell victim to vishing in 2021. This alarming number underscores the increasing threat of voice phishing in the country.
  2. Financial Impact: Americans lost 29.8 billion USD to vishing in 2021, a 49.7% increase from the 19.7 billion USD in 2020. The average loss per individual was 502 USD in 2021, up 43% from 2020.
Financial Impact-.jpg

3. COVID-19 and Vishing: The pandemic has affected our health and paved the way for scammers. Approximately 59% of Americans received scam calls related to COVID-19 in 2021, a rise from 44% in 2020.

4. Demographics and Vishing: Youngsters, particularly those aged 18-44, are more susceptible to vishing attacks. Interestingly, men seem more vulnerable, with 59.4% of vishing victims in 2021 being male.

5. The Preferred Medium: Smartphones are the primary channel for vishing attacks. In 2021, scam calls on mobile phones increased to 85%, while those on landlines decreased to 20%.

6. Global Perspective: Vishing is not just an American problem. For instance, Brazil has been the most spammed country for four consecutive years. In October 2021 alone, Peru recorded over 12 million spam calls, and Mexico witnessed over 3.2 million.

7. The Indian Scenario: A single scammer in India made over 202 million spam calls in 2021. Most of these calls were related to sales or telemarketing, with the KYC scam being the most prevalent.

8. Spoofing and Deception: Approximately 70% of scam calls in the U.S. use number spoofing to deceive victims. This method involves masking the caller ID to make it appear that the call is coming from a trusted source.

9. Awareness and Response: The average duration of a spam call in 2021 was just 12 seconds, indicating that people are becoming more aware and are quick to disconnect suspicious calls.

10. The Need for Vigilance: Scammers often possess essential personal information about their targets before making the scam call. In 2019, 75% of victims who lost 1,000 USD or more stated that the scammer already had some of their details.

11. Rising Trend: In 2021, 59.49 million Americans (23%) lost money to vishing. This is an increase from 56 million in 2020 and 43 million in 2019, highlighting the growing trend of vishing attacks.

Rising Trend.jpg

12. Gender Disparity: Among the victims of vishing in 2021, 59.4% were men, while 38.3% were women. The remaining 2.3% preferred not to disclose their gender.

13. Age Matters: Young men, especially those aged between 18-34 (40%) and 35-44 (46%), are more likely to fall victim to vishing attacks compared to older men aged 45 or more (28%).

14. Device Preference: Mobile phones are the primary medium for vishing attacks, with the number of scam calls on these devices increasing from 49% in 2014 to around 85% in 2021.

15. Global Hotspots: Brazil remains the most targeted country for vishing attacks, with 44.1% of vishing calls in 2021 originating from financial services. Peru, on the other hand, recorded a staggering 12 million spam calls in October 2021 alone.

16. British Targets: Yorkshire and Humber emerged as the most-targeted British locations for vishing attacks in 2021. 66% of individuals in these regions received cold calls frequently.

17. Financial Impact in India: In 2021, an Indian scammer made over 202 million spam calls. Most of these calls were sales or telemarketing-related, with the KYC scam particularly prevalent.

18. Spoofing Tactics: About 70% of scam calls in the U.S. use number spoofing, a technique where scammers mask their actual caller ID to appear as a trusted source.

Spoofing Tactics-.jpg

19. Preparedness of Scammers: Around 39% of vishing victims claimed that the scammers knew their home addresses before initiating the call. In 17% of cases, scammers even had some or most of the victims' social security numbers.

20. Businesses in the Dark: 38% of businesses are unaware if customers flagged their calls as potential fraud.

21. Vishing on Business: 3 out of 4 businesses lost money to voice scams.

22. Vishing's Growing Threat: The financial consequences of vishing scams in 2023 have reached billions, affecting individuals and businesses globally.

23. Technological Shifts: Mobile phones have become the primary medium for voice phishing, with 85% of such scams occurring over mobile devices in 2021.

24. AI-Powered Vishing Attacks: There has been a rise in vishing and deepfake phishing, with attackers using AI-powered impersonation tools to mimic voices of trusted individuals (Source: ZSCALER).

25. Increase in Vishing and Smishing Attacks: Detection volumes for vishing and smishing grew by more than 30% compared to the previous quarter. ( Source: APWG DOCS).

26. Emergence of Hybrid Vishing Attacks: In the second quarter of 2023, hybrid vishing attacks accounted for 5% of response-based attacks. (Source:SPACELIFT)

27. Financial Impact of Phishing in the U.S.: The average cost of a data breach in the U.S. was $9.48 million, with phishing being a significant contributor. (Source: TECHOPEDIA)

28. Global Phishing Attack Trends: In the first quarter of 2024, nearly 964,000 phishing attacks were recorded, with a notable rise in vishing.

Vishing Around the World: A Global Perspective on Voice Phishing

Vishing, or "voice phishing," is a testament to this global menace. While the U.S. grapples with its vishing challenges, countries like Peru, Mexico, India, and Indonesia are not immune. Delving into the vishing statistics from these nations reveals unique tactics and trends, painting a comprehensive picture of this worldwide threat.

CountryVishing ScenarioKey Tactics and Trends
PeruRecorded over 12 million spam calls in October 2021.Impersonating local banks or government agencies, leveraging local trust.
MexicoWitnessed over 3.2 million vishing attempts in 2021.Mobile-based attacks, fake bank alerts, fraudulent transaction warnings, faux lottery wins.
IndiaA single scammer made over 202 million spam calls in 2021.KYC scams with fraudsters posing as bank officials, exploiting the diverse linguistic and cultural landscape.
IndonesiaExperiencing a surge in vishing attacks with its growing digital economy.Scams related to online purchases, posing as customer service from e-commerce platforms, fake discounts.

Table 1: Vishing Around the World: A Global Perspective on Voice Phishing

  • Peru's Vishing Predicament: In the heart of South America, Peru has emerged as a hotspot for vishing attacks. In October 2021 alone, the nation recorded over 12 million spam calls. What's alarming is the sophistication of these scams. Peruvian fraudsters often employ localized tactics, such as impersonating local banks or government agencies, capitalizing on the trust of their fellow citizens.
  • Mexico's Mobile Menace: with its vast mobile phone user base, Mexico is a prime target for vishers. In 2021, the country witnessed over 3.2 million vishing attempts. The trend here leans heavily towards mobile-based attacks, with scammers exploiting the widespread use of mobile banking among Mexicans. The tactics? Fake bank alerts, fraudulent transaction warnings, and even faux lottery wins.
  • India's Diverse Vishing Landscape: India, with its diverse linguistic and cultural tapestry, offers a unique challenge and opportunity for vishers. A single scammer made over 202 million spam calls in 2021. The most prevalent scam? In the KYC (Know Your Customer) scam, fraudsters pose as bank officials and ask for personal details to "update" the victim's KYC status. Given India's vast population and the rapid digitization of its economy, the scale and variety of vishing attacks are both vast and varied.
  • Indonesia's Rising Threat: Indonesia, an archipelago of over 17,000 islands, has seen a surge in vishing attacks. With a growing digital economy and increased online transactions, Indonesians are often targeted with scams related to online purchases. Scammers pose as customer service representatives from popular e-commerce platforms, luring victims with fake discounts or warnings about compromised accounts.

With its unique socio-economic and cultural backdrop, each country experiences vishing differently. However, a common thread binds them: the human element. Whether it's exploiting trust, leveraging fear, or capitalizing on greed, vishers around the world rely on manipulating human emotions.

The Techniques Behind Vishing: Unmasking the Deceptive Tactics

From impersonating legitimate businesses to exploiting technological loopholes, vishers constantly refine their methods to ensnare unsuspecting victims.

  • Impersonation of Legitimate Businesses: One of the most prevalent techniques in a scammer's playbook is the impersonation of legitimate businesses. Vishers meticulously research their target companies, understand their lingo and protocols, and even hold music. By mirroring these details, they craft convincing narratives. Whether it's posing as a bank representative warning of suspicious account activity or a tech support agent offering assistance, the goal is to create a facade of authenticity. This impersonation builds trust, making the victim more likely to divulge sensitive information.
  • Number Spoofing: In the U.S., number spoofing has become a significant concern. This technique allows scammers to mask their phone numbers, making it appear they're calling from a trusted source. For instance, a visher might spoof the number of a well-known bank, making the call seem legitimate. This tactic increases the scam's success rate and makes tracing the call more challenging.
  • SHAKEN/STIR - The Shield Against Spoofing: Recognizing the threat of number spoofing, the telecom industry introduced SHAKEN/STIR, a caller ID authentication system. This framework ensures that calls traveling through interconnected phone networks have their caller ID "signed" as legitimate by originating carriers and "validated" by other carriers before reaching the consumer. In essence, SHAKEN/STIR acts as a digital handshake between phone networks, verifying the authenticity of call origins and ensuring the caller ID is accurate. Its implementation is a significant step towards curbing vishing attempts, providing consumers with an added layer of security.

Protecting Yourself from Vishing

Here's a deep dive into safeguarding yourself from vishing and the significance of staying vigilant and informed.

1. The Power of Vishing Awareness Training: Awareness is the first defense against vishing. Recognizing the signs of a scam call, such as unsolicited requests for personal information or pressure to act immediately, can be instrumental in thwarting a vishing attempt.

2. Verify Before You Trust: If you receive a call from a purported business entity, always verify its legitimacy. Instead of using the contact details provided during the call, look up the official number and call back to confirm.

3. Keepnet - A Vanguard Against Vishing: In the fight against vishing, tools like those offered by Keepnet play a significant role. As a leading name in the Human Risk Management domain, Keepnet provides products tailored to combat various cyber threats. Their Vishing Simulator trains individuals to recognize and respond to voice phishing attempts. Similarly, the Smishing Simulator and Phishing Simulator equip users to identify and counter SMS and email phishing threats. Keepnet Security Awareness Educator further reinforces this training, ensuring that individuals are aware and trained to act.

4. Embracing Advanced Solutions: Keepnet doesn't stop at simulation. Their platform integrates advanced cybersecurity measures with AI, offering a holistic solution to modern-day threats. Keepnet provides a 15-day trial and a one-on-one demo for those keen on exploring their offerings, ensuring businesses and individuals can make informed decisions.

5. Caller ID Authentication with SHAKEN/STIR: In the U.S., the SHAKEN/STIR framework has been introduced as a countermeasure to number spoofing. This caller ID authentication system ensures that calls have their caller ID "signed" as legitimate by originating carriers, adding an extra layer of security against vishing.

6. Stay Updated: Cyber threats are ever-evolving. Regularly updating yourself on the latest vishing tactics and trends is crucial. Subscribing to cybersecurity platforms, like Keepnet , can provide timely insights and updates.

Vishing is a stark reminder of the threats lurking in the shadows. However, we can navigate this digital terrain safely with security awareness, the right tools, and a proactive approach. Remember, in cybersecurity, knowledge is not just power; it's protection.

Additional Resources

Visit our vishing simulator page to learn how Keepnet protects businesses from voice scams.

Start your free trial now and see how our vishing simulator protects you!

Editor's Note: This blog was updated on December 4th, 2024.

SHARE ON

twitter
linkedin
facebook

Frequently Asked Questions

What is Vishing?

arrow down

- Vishing, or voice phishing, is a cybercrime tactic where fraudsters use voice communication, primarily phone calls, to deceive individuals into providing sensitive information.

How does Vishing differ from traditional Phishing?

arrow down

- While traditional phishing often involves deceptive emails or websites, vishing focuses on voice-based deception, with scammers impersonating trusted entities over the phone.

Why has Vishing become more prevalent in recent years?

arrow down

- With the proliferation of smartphones and VoIP services, coupled with the inherent trust many place in voice interactions, vishing offers scammers a potent tool for deception.

How can I protect myself from Vishing attacks?

arrow down

- Stay informed about common vishing tactics, always verify unsolicited calls by contacting the official entity directly, and consider using cybersecurity tools like Keepnet .

What is Keepnet , and how can it help against Vishing?

arrow down

- Keepnet is a leading Human Risk Management platform offering products like the Vishing Simulator, Smishing Simulator, and Phishing Simulator to train individuals in recognizing and countering cyber threats.

How does the SHAKEN/STIR framework combat Vishing?

arrow down

- SHAKEN/STIR is a caller ID authentication system introduced in the U.S. to counter number spoofing. It ensures that calls are "signed" as legitimate by originating carriers, adding a layer of security against vishing.

Are certain demographics more susceptible to Vishing?

arrow down

- While anyone can be a target, statistics indicate that youngsters aged 18-44 and men are more susceptible to vishing attacks.

What are some global hotspots for Vishing?

arrow down

- Countries like Peru, Mexico, India, and Indonesia have seen a significant rise in vishing attacks, each with unique tactics tailored to their socio-cultural landscape.

How can businesses protect their employees from Vishing?

arrow down

- Businesses can invest in cybersecurity awareness training, utilize platforms like Keepnet for simulated attack scenarios, and regularly update employees about the latest vishing tactics.

Where can I learn more about the latest Vishing trends and statistics?

arrow down

- Staying updated with cybersecurity platforms, subscribing to trusted tech news outlets, and exploring comprehensive resources like our blog post can provide insights into the evolving world of vishing.

iso 27017 certificate
iso 27018 certificate
iso 27001 certificate
ukas 20382 certificate
Cylon certificate
Crown certificate
Gartner certificate
Tech Nation certificate