Phishing and vishing have some distinct differences despite both being similar forms of cyber attacks. The main distinction is that phishing operates almost entirely via email, with attackers attempting to trick the individuals into clicking malicious links or responding with sensitive data via spoofed emails and impersonation. They are often praying on the human element and leveraging an organization's hierarchy.
Vishing attacks, however, take place via voice and verbal communication. This communication can come through phone calls and sometimes directly through desktops and laptops. Voicemails and messages are often used to prey on the target and generate a sense of urgency, masquerading as IT support or a supplier chasing an invoice in some cases.
One of the key defenses, as with most other phishing attacks, is education. Educated staff and employees aware of these forms of attacks will become vigilant and reduce the organization's risk.