Vishing (or “voice phishing”) is a type of social engineering scam where an attacker tries to trick their target into surrendering sensitive data over the phone. As with other social engineering attacks, these phone phishing scams prey upon human emotions—attackers often create false scenarios that cause panic (e.g., security alerts) or desire (e.g., winning a large sum of money) to inspire the target to disclose their passwords, financial details, and other personal information. When it comes to defining vishing vs. phishing, the practices are quite similar—it’s the medium by which they are conducted that differentiate them. In a phishing attack, hackers use written communications (e.g., email or instant message) to masquerade as a reputable source in order to steal a person’s credentials. But with vishing, the scams take place over the phone rather than via email or text, and they’re becoming increasingly threatening. Today, attackers use voice over.