Social Engineering

Social engineering exploits human psychology rather than technical weaknesses to extract confidential information. Social engineering carried out by phone is called "vishing" (voice phishing), and most special fraud schemes fall into this category.

Typical phone tactics include impersonating IT support ("Your computer is infected") to extract passwords, posing as bank staff ("Your account is compromised") to obtain PINs, and pretending to be a colleague ("I urgently need the vendor's account number") to access confidential data. All combine impersonation with urgency.

Four psychological factors drive success: authority obedience (complying when someone claims to be police or a banker), reciprocity (feeling obligated to return a favor), scarcity ("limited time only" pressure), and fear ("you'll be arrested" or "your account will be frozen" impairing judgment). Attackers skillfully combine these.

The fundamental defense is never sharing confidential information over the phone. Legitimate banks and police never ask for passwords or PINs by phone. If you receive a suspicious call, hang up and call back on a number you already know, such as the one printed on your card or statement, rather than a number the caller gives you. Organizations should establish security policies for phone-based information sharing and conduct regular training. See government impersonation scams for examples.
