sharlein writes:  

Vishing is the practice of leveraging Voice over Internet Protocol (VoIP) technology to trick private personal and financial information from the public for the purpose of financial reward. The term is a combination of "voice" and phishing.

Vishing exploits the public's trust in landline telephone services, which have traditionally terminated in physical locations which are known to the telephone company, and associated with a bill-payer. However, with the advent of VoIP, telephone services may now terminate in computers, which are far more susceptible to fraudluent attacks than traditional "dumb" telephony endpoints.


Example
The whole thing works like this:

1. The criminal configures a war dialer to call phone numbers in a given region.

2. When the phone is answered, an automated recording is played to alert the consumer that their credit card has had fraudulent activity and the consumer should call the following phone number immediately. The phone number could be a toll free number often with a spoofed caller ID for the financial company they are pretending to represent.

3. When the consumer calls the number, it is answered by a typical computer generated voice that tells the consumer they have reached account verification and instructs the consumer to enter their 16-digit credit card number on the key pad.

4. Once the consumer enters their credit card number, the visher has all of the information necessary to place fraudulent charges on the consumer's card.

5. The call can then be used to harvest additional details such as security PIN, expiry date, date of birth, bank account number, etc.


What can you do?

If you suspect a phishing attack:

go to www.antiphishing.org and look and see if there is documentation for the specific attack that suspect.
Never use a link that was sent in an e-mail. If it is Bank of America that they are showing as a contact, then open a new web browser and go to the Bank of America (or whatever institution has supposedly contacted you) site using google or what you know is the main site for institution.
For a Vishing attack:

Call your institution using the number on your invoice or on the back of your credit card. Do not use the phone number that they recording or person who contacted you used.