Recently, a colleague of mine, let’s call him David Thompson to keep things anonymous, received an unusual call on his personal mobile.

The caller simply asked, “Is this David Thompson?” Thinking it might be work-related, he replied, “Yes.”

The caller followed up with, “Are you from [CompanyName]?” Again, David confirmed.

Then, silence. The caller hung up immediately.

At first glance, it may seem harmless. But this was actually a successful vishing attempt — a form of voice phishing designed to confirm personal details and link them together for malicious purposes.

What Actually Happened?

This wasn’t just a cold call. It was a deliberate attempt to validate three key pieces of information:

• David’s full name

• His personal phone number

• His place of work

With those confirmations, the attacker now has a verified profile, one that can be combined with public data (like LinkedIn or company websites) and used in more sophisticated attacks.

This kind of verified information is extremely valuable and can be:

• Sold to data brokers for telemarketing or robocalls

• Leaked or traded on the dark web

• Used in targeted phishing or impersonation attacks

• Compiled into larger datasets for future social engineering campaigns

How to Avoid Falling for Vishing Attacks

Even people in tech or cybersecurity can get caught off guard. The call seems innocent, but that’s exactly why it works. Here’s how to defend yourself:

1. Don’t Just Answer, Ask Back

If someone calls and asks, “Is this [Your Name]?”, follow it up immediately with:

“Who’s calling, and what is this regarding?”

Flip the dynamic. If they’re asking about you, they should identify themselves first. Be curious, not courteous.

2. Use Call Screening Tools

Modern smartphones offer smart ways to deal with unknown callers:

• Google Pixel phones have Call Screen, where Google Assistant answers unknown calls, asks why they’re calling, and transcribes their response in real time.

• Apple’s upcoming iOS 26 (currently in Developer Beta 4) introduces a new Call Screening feature where Siri can:

• Automatically answer calls from unknown numbers

• Ask the caller to state their name and reason for calling

• Display a live transcription so you can decide whether to answer

This puts a layer between you and unknown callers. Most scammers and cold callers won’t go through the effort.

3. Try the Voicemail Filter Trick

Here’s a personal tip I use that works surprisingly well:

My voicemail starts with: “Hello?”

I pause, most bots or scammers start talking right away. Then I say:

“If this call is important, please leave a message. If not, I won’t return the call.”

It filters out a surprising amount of junk.

Final Thoughts

This wasn’t a phishing email or a malware attack. It was a simple phone call, and yet it successfully confirmed three valuable pieces of information.

These details can now be weaponised in future scams, social engineering attempts, or sold for profit.

Stay sharp. Just because a call seems routine doesn’t mean it’s harmless.

Question everything, especially unexpected calls.

💡 Have you ever received a call like this? Drop a comment or share this post to raise awareness.

🔒 If you found this helpful, subscribe for more real-world cybersecurity insights and tips.