The Former President of NABIP Was Minutes Away From Losing $25,000

The CyberFin Substack
May 5, 2026

Key Takeaways

  • Vishing attacks use phone calls to bypass technical security tools
  • Scammers impersonate agencies like the FTC to add credibility
  • A single $25,000 loss can cripple small financial firms
  • Early cyber assessments reveal vulnerabilities before criminals exploit them
  • Training staff to recognize pop‑up scams reduces breach risk

Pulse Analysis

Vishing, or voice phishing, has surged as cybercriminals shift focus from email to real‑time conversation. By mimicking trusted entities—often government agencies or financial institutions—attackers exploit the immediacy of a phone call, sidestepping firewalls, anti‑malware tools, and even multi‑factor authentication. The human element becomes the weakest link, especially when scammers deploy rehearsed scripts, forged caller IDs, and urgent language that pressures victims into rapid action. Industry reports show a year‑over‑year increase in vishing incidents, with losses ranging from a few hundred dollars to six‑figure payouts, making it a top concern for compliance officers.

The incident involving David Saltzman illustrates how even seasoned professionals can be deceived. A seemingly legitimate Apple alert triggered a panic response, leading him to an 800 number where an actor claimed FTC involvement and warned of suspicious bank activity. The scam’s escalation—requesting a VPN‑based account and an immediate $25,000 transfer—mirrored classic social‑engineering tactics: create urgency, fabricate authority, and provide a clear, actionable step. While Saltzman avoided the transfer thanks to a colleague’s intervention, the episode highlights the financial and reputational damage that could have ensued for his firm and its clients.

Mitigating vishing risk requires a layered approach beyond technology. Regular cyber‑security assessments identify gaps in employee awareness, incident‑response protocols, and third‑party verification processes. Simulated phone‑phishing drills, clear escalation policies, and a culture that encourages “hang up and verify” can dramatically reduce success rates. For agencies and advisors, investing in a free cyber assessment—such as the one offered by CyberFin—provides a baseline snapshot of exposure and actionable recommendations. Proactive education and continuous testing are the most cost‑effective defenses against a threat that thrives on human error rather than software vulnerability.
