Vishing examples
Vishing examples are documented voice-phishing cases and the script patterns behind them — executive impersonation, bank fraud-department spoofs, grandparent emergencies, IT-support resets, government threats, delivery fees, and AI robocalls. Studying the scripts is the fastest way to recognize a live attack.
The fastest way to recognize vishing is to study real vishing examples — because attackers reuse scripts. The voice changes (increasingly it's an AI clone), the caller ID changes, but the underlying playbook repeats. Here are seven script patterns, each anchored to documented cases from our Deepfake Incident Database.
1. Executive / CEO fraud ("the urgent wire")
Script: "It's [the CFO]. We're closing a confidential acquisition — I need you to process a transfer before end of day. Don't discuss it with anyone."
Real case: Arup, Hong Kong — a finance employee attended a video call where every participant, including the CFO, was AI-generated. Fifteen transfers, $25.6 million lost. The voice-only version of this script targets companies daily.
The counter: dual approval on all payment changes + callback on a known internal number. Ferrari's target defeated a live CEO voice clone by asking a question only the real CEO could answer.
2. The grandparent emergency
Script: "Grandma? It's me — I've been in an accident / arrested. I need bail money wired now. Please don't tell Mom."
Why it works: a cloned voice of the actual grandchild — sourced from 30 seconds of social-media video — plus panic. This is the highest-volume consumer vishing pattern, and losses skew toward older adults.
The counter: a family code word, and calling the grandchild's real number before any money moves. A voicemail can be checked in seconds with the AI voice detector.
3. Bank fraud-department impersonation
Script: "This is [your bank]'s fraud team. We've detected suspicious charges. To secure your account, read me the code we just texted you."
Why it works: the caller ID shows the bank's real number, and the "we're protecting you" frame inverts suspicion. The code being harvested is the OTP that authorizes the attacker's own transaction.
The counter: banks never ask you to read back a one-time code. Hang up, call the number on your card. The banking industry guide covers how banks deploy voice-clone detection on inbound calls for exactly this pattern.
4. IT help-desk reset
Script: "Help desk here — we're migrating accounts and need you to approve the MFA prompt we just sent."
Real-world context: help-desk vishing was the entry point in several major 2023–2024 breaches of household-name companies; attackers now clone the voices of actual IT staff for credibility. This is the pattern behind most "MFA fatigue" compromises.
The counter: verified-callback policy for any credential action, plus real-time call screening in contact centers.
5. Government threat ("the IRS call")
Script: "This is the IRS / immigration enforcement. There's a warrant tied to your identity. Pay the settlement today by gift card or face arrest."
Why it works: fear plus authority. Payment by gift card or crypto is the giveaway — no government agency settles by gift card.
The counter: hang up; agencies communicate by mail first. See deepfake and robocall laws by country for what's actually enforceable.
6. AI robocall voter suppression
Script: a cloned public figure tells you not to vote, to "save your vote," or pushes fabricated election instructions.
Real case: the New Hampshire Biden robocall reached thousands of primary voters with an AI clone of the President's voice. The FCC responded by ruling AI-voice robocalls illegal under the TCPA and fined the operator $6 million.
The counter: treat any voice-only instruction about voting as hostile; verify with official election sources. Newsrooms verify suspect clips with the audio detector before reporting.
7. The callback trap ("delivery fee" / "subscription renewal")
Script: a voicemail about a package fee, an Amazon or Netflix renewal, or a computer-support subscription, with a callback number. The fraud happens on the second call, which you initiated — so your guard is down.
The counter: never use the number in the message. Screen suspicious voicemails with the scam call screener, which maps recordings against 20 known scam-script categories including this one.
The pattern behind every example
All seven scripts share three ingredients — impersonation of a trusted party, manufactured urgency, and an irreversible ask (wire, gift card, crypto, or a one-time code). That's the definition of a vishing attack, and it's why the defenses generalize:
- Urgency = alarm. Legitimate institutions allow verification time.
- Out-of-band callback. Call back on a number you already trust — defeats spoofing and every voice clone.
- Detection. For any recording, get a synthetic-vs-real verdict from the free AI voice detector before you act on it.
Frequently asked questions
What is a famous example of vishing? The $25.6M Arup fraud and the New Hampshire Biden robocall are the most-documented cases.
What does a vishing call sound like? A trusted voice plus a deadline plus an irreversible ask. The specific story varies across the seven scripts above; the structure doesn't.
How can I check a suspicious voice message? Upload it to the AI voice detector to test whether the voice is synthetic, then verify the claim on a known-good number.
Related terms
- Vishing · Vishing attack · Vishing vs phishing
- Smishing vs vishing — the SMS variant
- Voice cloning — how the impersonation is made