In late September, the New York Times ran an article by a crime reporter who covered scams for a living, and then almost fell for one himself. The scam? A man claiming to be a Chase Bank employee called to verify several Zelle transfers made from the reporter’s account. By the time he realized something was off, he had spent a whopping 16 minutes on the phone with the scammers, and had come very close to forking over $2,100.
The Zelle scam is an example of “vishing” - which is short for voice phishing. These are scams where criminals use phone calls to trick you into handing over personal information, sending money, or taking actions such as disclosing a multifactor authentication code.
What does a vishing scam sound like?
Vishing calls can come from real people, robocalls, or even AI-generated voice clones.
The scammers might pretend to be from your bank claiming there is suspicious activity, and ask you to confirm your identity using your account numbers or PIN. They might claim to be your internet provider, and tell you your computer has a virus, urging you to install remote software. Scammers can even use AI to mimic the voice of someone you know, and claim they’re in trouble and need your help.
Their goal is to build just enough trust – or cause enough fear – to make you act without thinking.
Whatever the story, vishing calls have some tell-tale signs:
- The call is unexpected. You weren’t expecting a call from the IRS, Amazon, or your bank. In most cases, these organizations don’t call you out of the blue.
- The callers express urgency. If you answer the phone and you’re in a rush or distracted, you might be more likely to fall for the scam.
- The caller will attempt to lend authenticity and legitimacy to the call. In the case of the Zelle scam, the call came from a number that matched that of a Chase Bank branch in Time Square. Scammers can spoof a phone number to look like it’s from a legit source. Also, the caller offered to transfer the call to a supervisor. This makes the call feel more real, but could just be two people sitting a room together, or one person changing his voice.
- The caller may throw a bunch of information at you. In the Zelle case, it was multiple cancellation codes and case numbers, which create a lulling effect on the victim. As you start to type a long string of numbers, you shift from a critical thinker to someone performing a task.
What to do if you get a suspicious call
Hang up. You don’t have to be nice to scammers.
As an FBI agent advised: “Take that breath, take a beat. Think about what’s going on and what this call is about.”
- Don’t press buttons
- Don’t speak
- Don’t give any information
- Verify independently. If you’re worried the call might be real, hang up, then call back using an official number from the company’s website or your account statement. If the call was from someone you know, use the phone number in your contacts. Since scammers can spoof phone numbers, don't just call the same number back.
How to report vishing calls
Reporting helps shut scammers down. It also helps others avoid the same traps.
- Report the number to the FCC
- Report scams to the FTC
- Block the number on your phone
- Enable scam call blocking features from your mobile carrier – many now offer free tools to help
- Let your workplace's IT or security team know. Vishing attacks often target workplaces.
October is National Cybersecurity Awareness Month, an annual collaborative effort between government and industry to ensure we have the resources you need to maintain your security online. Throughout October, we’ll be sending you tips on protecting your information and avoiding malicious attempts to extract your personal data. Visit https://its.weill.cornell.edu/cybersecurity for more info.
Sources:
- https://www.nytimes.com/2025/09/18/nyregion/zelle-chase-banking-scam.html?campaign_id=190&emc=edit_ufn_20250925&instance_id=163232&nl=from-the-times®i_id=47579090&segment_id=206587&user_id=993edb6fe01e2e1285add6039b0984cf
- https://www.staysafeonline.org/articles/how-to-spot-and-avoid-phone-scams