Fast checklist
If you have received a suspicious call:
- Hang up immediately.
- Do not share passwords, authentication codes or personal details.
- Do not follow instructions to install software or make urgent changes.
- Verify the request by calling back using an official number from a trusted source.
- Write down the details of the call including the number, what was said and any pressure applied.
- Report the incident to your IT or security team.
- Be cautious of follow-up calls, emails or texts that reference the same issue.
If you shared information:
- Inform your organisation’s security team so they can check for wider impact.
- Change the passwords for any affected accounts.
- Review your multifactor authentication settings.
- Monitor your accounts and devices for unusual activity.
The sections below walk through these actions in more detail.
Step 1: Stop and assess
If a call feels suspicious or unexpected:
- End the conversation politely but firmly.
- Make a note of what happened including the phone number, who the caller claimed to be, the reason for the call and anything they asked you to do.
- Do not call the number back. Caller ID can be spoofed.
- If you have already shared details, record exactly what information you disclosed.
Step 2: Secure any accounts that might be affected
Using a trusted device:
- Change the password for any account mentioned during the call.
- If you reuse that password elsewhere, change those passwords too.
- Review your multifactor authentication settings and remove any devices, phone numbers or apps you do not recognise.
- Check your recent sign-in activity for anything unusual.
If financial details were shared, alert your bank immediately.
Step 3: Verify the request independently
Verification should always be normal practice.
- Contact the organisation using a number from its official website or your internal directory.
- For internal calls, use known channels such as the helpdesk portal or switchboard.
- Explain that you are checking whether the call was genuine.
- A legitimate caller will always support this step.
If the organisation has no record of the request, treat the call as a vishing attempt.
Step 4: Be aware of multi-channel attacks
Many vishing attempts are combined with email or SMS activity.
Be cautious if:
- You receive an email that asks you to call a number urgently.
- The caller references a message you do not recognise.
- You are asked to install remote access software or provide authentication codes.
If anything feels unusual, stop and verify.
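The warning signs above (a message that pushes you to phone a number, urgency wording, and requests for codes, passwords or remote access) can be turned into a simple triage rule for a mail filter. The following Python is an added example written for this guide, not code from the original page or from Toro; the keyword lists, weights, threshold and the three sample emails are constructed assumptions for illustration, and the phone numbers in them are placeholders.

```python
"""Heuristic triage of emails for callback ("please phone us") phishing.

Added example, not part of the original guide. Scores a message on the signals
the guide lists: a phone number plus a request to call it, urgency language, and
requests for authentication codes, passwords or remote-access software.
Keyword lists and weights are illustrative assumptions, not a vendor ruleset.
"""
import re
from dataclasses import dataclass

# Loose phone-number pattern: a digit, 7+ digits/spaces/separators, then a digit.
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
# Verbs that turn "here is a number" into "call this number".
CALL_VERB_RE = re.compile(r"\b(call|ring|phone|dial)\b")
URGENCY_TERMS = ("urgent", "immediately", "right away", "within 24 hours",
                 "final notice", "will be suspended", "will be charged")
SENSITIVE_TERMS = ("authentication code", "verification code", "one-time code",
                   "passcode", "password", "remote access", "remote support tool")


@dataclass
class Verdict:
    score: int
    suspicious: bool
    phone_numbers: list[str]
    reasons: list[str]


def assess_message(subject: str, body: str, threshold: int = 3) -> Verdict:
    """Return a Verdict; suspicious when the weighted signal score meets the threshold."""
    text = f"{subject}\n{body}".lower()
    # Normalise whitespace inside each matched number so reasons read cleanly.
    phones = [re.sub(r"\s+", " ", m.group(0)).strip() for m in PHONE_RE.finditer(body)]
    score, reasons = 0, []

    if phones and CALL_VERB_RE.search(text):
        score += 2
        reasons.append(f"asks the reader to call a number: {', '.join(phones)}")
    elif phones:
        score += 1
        reasons.append("contains a phone number")

    urgency = [t for t in URGENCY_TERMS if t in text]
    if urgency:
        score += 1
        reasons.append(f"urgency language: {', '.join(urgency)}")

    sensitive = [t for t in SENSITIVE_TERMS if t in text]
    if sensitive:
        score += 2
        reasons.append(f"asks for credentials, codes or remote access: {', '.join(sensitive)}")

    return Verdict(score, score >= threshold, phones, reasons)


# Constructed sample messages (subject, body); numbers are placeholders.
SAMPLES = {
    "callback_invoice": (
        "Invoice 4471 - action required",
        "Your subscription has renewed for 299.00 and your card will be charged. "
        "If you did not authorise this, call us immediately on 0800 123 4567 to cancel.",
    ),
    "team_lunch": (
        "Team lunch on Friday",
        "We have a table booked at 12:30 at the cafe on the corner. Reply if you cannot make it.",
    ),
    "it_support": (
        "IT Security: unusual sign-in detected",
        "We detected an unusual sign-in on your account. Please phone the helpdesk on "
        "+44 20 7946 0958 and read out the verification code we send you so we can secure the account.",
    ),
}


def triage(samples: dict[str, tuple[str, str]]) -> dict[str, Verdict]:
    """Assess every sample and return the verdicts keyed by sample name."""
    return {name: assess_message(subject, body) for name, (subject, body) in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        flag = "SUSPICIOUS" if verdict.suspicious else "ok"
        print(f"{name}: score={verdict.score} {flag}")
        for reason in verdict.reasons:
            print(f"  - {reason}")
```

A rule like this is only a first pass: it flags messages for a person to check against the guide rather than deciding on its own, and the phone-number pattern will occasionally catch reference numbers. The useful output for a security team is the extracted number, which can be matched against numbers reported by staff under Step 5.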
Step 5: Report the vishing attempt
Reporting allows your organisation to respond quickly.
- Send the details to your IT or security team using the normal reporting route.
- Include your notes, screenshots or voicemail recordings if you have them.
- Block the number on your phone, although attackers may change numbers frequently.
Avoid contacting the caller again or attempting to investigate the number yourself.
Step 6: Strengthen your security going forward
To reduce the risk of future compromise:
- Treat unexpected calls that involve urgency as a warning sign.
- Enable multifactor authentication on all important accounts.
- Limit the amount of personal or organisational information you share publicly; attackers often start with online research.
- Use unique, strong passwords or a password manager.
- Be cautious about calls claiming to be from IT support, HR, finance or senior leadership.
Final thoughts
Mistakes can happen, even to experienced users. What matters most is the speed, confidence and thoroughness of the response.
Swift reporting, isolation and review can turn a potential breach into a contained event. Clear procedures and regular awareness training ensure that when phishing or vishing happens, the impact is kept to a minimum.
Reviewed by: Katie Barnett, Director of Cyber Security
Last updated: 09/12/2025
Need support with vishing readiness or incident response?
Talk to Toro about vishing simulations, incident response exercises and converged security support.
