Documentation

What Is Vishing Fraud And How Does It Work?

Amna Kabeer
Amna Kabeer
Identity Theft - Digital Cyber Crime
Identity Theft - Digital Cyber Crime

Introduction

Vishing, or voice phishing, is a cyber fraud where criminals use phone calls to trick people into revealing confidential banking and financial information. The fraudster usually pretends to be a bank employee, customer care executive, government official, telecom representative, or financial institution officer. Their objective is to gain access to sensitive information such as debit card details, credit card numbers, CVV numbers, ATM PINs, internet banking credentials, or One-Time Passwords (OTPs). Once these details are obtained, the fraudsters use them to carry out unauthorized financial transactions.

Contents
IntroductionWhy Is Vishing One Of The Most Common Cyber Frauds?How Do Fraudsters Carry Out Vishing Scams?What Are The Common Types Of Vishing Scams?What Legal Provisions Apply To Vishing Fraud?What Do Recent Cases Reveal?How Can A Victim File A Complaint?Conclusion

Why Is Vishing One Of The Most Common Cyber Frauds?

Vishing remains highly effective because it exploits trust rather than technology. Many people still believe that a caller claiming to represent a bank or government authority is genuine. Fraudsters often create a sense of urgency by claiming that a bank account has been frozen, KYC details need updating, reward points are about to expire, or a card is being blocked. In some cases, they inform victims that they have won a prize or are eligible for a special benefit. The victim is then persuaded to share confidential information that should never be disclosed over the phone.

How Do Fraudsters Carry Out Vishing Scams?

The scam usually begins with a phone call from an unknown number. The caller may claim to be from a bank, RBI, telecom company, insurance provider, or government department. They ask the victim to verify account details, update KYC information, activate a service, claim a reward, or resolve an alleged problem with the account.

In some cases, the fraudster first asks the victim which bank they use and then pretends to transfer the call to that bank’s customer service department. Once the victim feels reassured, the caller requests card details, account numbers, internet banking credentials, or OTPs. Fraudsters often keep victims engaged on the call while unauthorized transactions are carried out to prevent them from noticing debit alerts.

What Are The Common Types Of Vishing Scams?

Cybercriminals constantly modify their methods. Some fraudsters impersonate bank officials and claim that a customer’s account will be blocked unless KYC details are updated immediately. Others promise gift vouchers, cashback rewards, free credit cards, or prize winnings.

Another growing trend involves fake government notices and traffic challan messages. Victims receive calls or messages claiming that they have an unpaid traffic fine or legal issue. They are directed to click malicious links or install applications that steal banking credentials and personal information.

Investment-related vishing scams are also increasing. Fraudsters contact victims through WhatsApp, Telegram, or direct phone calls and convince them to invest in fake trading platforms that promise unusually high returns. Once substantial amounts are deposited, withdrawals are blocked and the fraudsters disappear.

Several legal provisions may apply depending on the nature of the fraud.

Section 318, Bharatiya Nyaya Sanhita, 2023 deals with cheating and dishonest inducement.

Section 319, Bharatiya Nyaya Sanhita, 2023 addresses cheating by personation where fraudsters impersonate legitimate officials or institutions.

Section 61, Bharatiya Nyaya Sanhita, 2023 may apply where multiple persons participate in a criminal conspiracy.

Section 111, Bharatiya Nyaya Sanhita, 2023 may become relevant in cases involving organised cybercrime networks.

Section 66C of the Information Technology Act, 2000 punishes identity theft involving electronic credentials.

Section 66D of the Information Technology Act, 2000 specifically punishes cheating by personation using computer resources and communication devices.

Where the proceeds of fraud are transferred through multiple accounts or concealed through financial networks, the Prevention of Money Laundering Act, 2002 may also become applicable.

What Do Recent Cases Reveal?

Recent investigations show that vishing and related frauds are becoming increasingly organised. Cybercrime syndicates frequently combine phone calls, fake websites, phishing links, messaging applications, and mule bank accounts to steal money from victims.

In one recent case, a retired Air Force officer allegedly lost nearly ₹49 lakh after receiving messages promising attractive investment returns. The fraudsters convinced the victim to invest through a fraudulent platform before preventing withdrawals.

Delhi Police has also warned citizens about fake traffic challan messages distributed through WhatsApp and SMS. These messages contain malicious links that install malware on mobile devices and allow fraudsters to access sensitive financial information.

Law enforcement agencies have further uncovered large cybercrime networks involved in phishing, fake customer-care scams, investment frauds, and impersonation schemes. During a major cybercrime operation, authorities identified fraud networks involving hundreds of suspects and financial fraud running into hundreds of crores of rupees.

How Can A Victim File A Complaint?

A victim should immediately collect and preserve all available evidence, including call recordings, phone numbers, SMS messages, screenshots, emails, bank statements, payment receipts, and transaction details.

Complaints can be filed through the or at the nearest police station or cybercrime unit. Victims of financial cyber fraud should also contact the national cybercrime helpline 1930 immediately. Prompt reporting can help authorities freeze suspicious transactions before funds are moved further.

Conclusion

Vishing fraud succeeds because it exploits human trust rather than technical vulnerabilities. Fraudsters create fear, urgency, excitement, or trust to manipulate victims into voluntarily sharing sensitive information. As digital banking and online transactions continue to grow, awareness remains one of the strongest defences against such scams.

Banks, government agencies, and financial institutions do not ask customers to disclose OTPs, PINs, passwords, CVV numbers, or internet banking credentials over phone calls, emails, or messages. Understanding this simple principle can prevent many vishing frauds before they occur.

You Might Also Like

The Rules And Regulations Of The Food Safety And Standards Authority Of India

Section 138 Of Negotiable Instrument Act : Law On Cheque Dishonour

Exploring Freedom Of Speech And Expression

How To File A Case Under The Employees’ Provident Fund And Miscellaneous Provisions Act

Laws for Domestic Violence Survivors in India

TAGGED:
Share This Article
Previous Article IPC Section 420 : Cheating And Inducing Property What Are Cheating Scams And How Do They Operate?
Next Article Can Platforms Be Held Liable For Harmful Content - IT Act - Cyber Crime What Is Sextortion And Why Is It A Growing Cyber Threat?
Leave a Comment

Leave a Reply

Follow US

Find US on Social Medias
Popular News
- Advertisement -
- Advertisement -
Ad imageAd image

📢 Stay Connected!

Join our community on Telegram and WhatsApp for instant updates, news, and exclusive offers.