What are Smishing, Phishing and Vishing? How are they different?
Have you ever received strange emails, texts or calls asking for money or your personal information, or clicked on a shady link to get something done? Chances are scammers were trying to lure you in using phishing, smishing or vishing techniques.
But how do you know which of these problems you're getting yourself into, and how can you avoid falling into their traps?
Phishing, Smishing and Vishing
Before diving into the details, here's an overview of what each scam entails:
| | Phishing | Smishing | Vishing |
|---|---|---|---|
| Definition | Email scam | Fraud via SMS | Fraudulent phone calls |
| Purpose | Steal your login credentials, financial information, or other personal data | Steal login and financial information or download malware to your device | Trick you into revealing personal information over the phone or accessing your account remotely |
| Example | An email asks you to click a link to confirm a deposit or win a monetary gift | An SMS message asks you to click a link and verify your account information | Calls from the IRS, banks, or other legitimate establishments falsely claiming that you owe money or need to provide personal information to resolve a problem |
| Prevention | Carefully check the sender address, links, and requests in emails before taking any action | Confirm the legitimacy of unusual texts before clicking on links or calling numbers | Hang up and call back via the official number if the call is suspicious |
What is phishing?
Phishing attempts are often made via email. Scammers use email because it is easy to spoof the "From" address and make the email look like it was sent from a bank, a famous store, a government agency, etc. They often send messages based on things that people are likely to receive emails about, such as banking, Amazon orders, package tracking notifications from UPS or FedEx, or password reset requests from Facebook or Gmail.
Of course, your first reaction is to think: "Oh no, I better check that out!" So you click on the link provided to process it immediately. But that link doesn't take you to the actual website. Instead, it will take you to a fake login page that the scammers have created, and as soon as you enter your login details, they will have full access to your account. Next, they will change your passwords, drain your bank account, or steal your identity.
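The two checks this section points to, comparing the "From" address with where replies and bounces really go, and comparing the address a link displays with the address it actually opens, can be automated. The following Python code is an added example, not part of the original article; the sample message, its domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); every name and domain is made up.
SAMPLE = """\
From: "Example Bank Support" <support@examplebank.example>
Reply-To: helpdesk@account-verify.example
Return-Path: <bounce@mailer.account-verify.example>
Subject: Confirm your deposit
Content-Type: text/html; charset="utf-8"

<p>Please <a href="http://login.account-verify.example/confirm">https://www.examplebank.example/login</a>
to confirm your deposit.</p>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(addr):
    """Domain part of an address header value, lower-cased ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def same_site(a, b):
    """Simplified match: equal hosts, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def phishing_signals(raw):
    """Return a list of human-readable warning signs found in a raw message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    # Replies or bounces routed to a domain unrelated to the visible sender.
    for header in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[header])
        if dom and not same_site(dom, from_dom):
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    # Links whose visible text is a URL for one site but whose target is another.
    for href, text in LINK_RE.findall(msg.get_payload()):
        target = (urlparse(href).hostname or "").lower()
        shown = (urlparse(text.strip()).hostname or "").lower()
        if shown and not same_site(shown, target):
            findings.append(f"link text shows {shown} but points to {target}")
        if urlparse(href).scheme != "https":
            findings.append(f"link to {target} is not HTTPS")
    return findings

if __name__ == "__main__":
    for finding in phishing_signals(SAMPLE):
        print("WARNING:", finding)
```

Treat each finding as a reason to look closer rather than proof: legitimate bulk senders often use a different Return-Path domain, and a message that passes every check can still be fraudulent.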
What is smishing?
Smishing is a scam sent via text message to your phone instead of email to your inbox. The word comes from combining the words "SMS", meaning Short Message Service (text message) and "phishing".
Smishing messages use all kinds of tricks to get you to click on links or give up sensitive details. The messages often appear legitimate, as if they were sent from your bank, a friend, or a company you use, and include embedded links to click through. If you click that link and submit your login information, you have become a victim of the scam.
In another case, a malicious SMS message may claim that you have unexpectedly won a prize or lottery. To receive the "bonus", you need to pay a small fee, call a number, or click on a link that asks for personal information (including a password). This prize does not exist, and compromised account details could allow scammers to drain your bank balance.
A similar type of scam is a message claiming someone has won the lottery and wants to share their winnings with you. As expected, they provide instructions to click on the link or provide personal information for reassurance.
So why text and not email? According to Gartner, more people read and respond to text messages: about 98% compared to just 20% for email. Because we are constantly glued to our phones, smishing has a higher chance of success.
What is vishing?
Vishing is "voice phishing" and refers to scams conducted through phone calls. This is like receiving a phishing email, except the attacker calls you directly, using a recorded message or a live person, instead of reaching out digitally.
Vishing uses various social engineering strategies to try to fool you. A common vishing technique is to claim a scary emergency, such as your Social Security number having been used fraudulently or you owing money to the IRS. This makes the victim afraid or panicked, and more likely to comply when the scammer says they need personal information to help resolve the situation. The story in thread X below is a typical situation:
Another trick vishers use is "caller ID spoofing" to make the call look like it's coming from a legitimate company, government agency, or local number. Bad actors may have collected pieces of your information from past data breaches, so what they say sounds more convincing when they call and wins your attention and trust.
Now, one of two things happens.
- The victim will be met with an automated voice system that asks the victim to enter their credit card, debit card, or other banking details, along with their PIN and other personally identifiable information.
- When the victim tries to hang up to call the bank, the scammer prevents the call from disconnecting, which keeps the line open and connected to the scammer. The victim may then hear a spoofed dial tone, followed by the scammer "answering" the phone. Next, they pose as bank employees, asking victims to provide details for later use or to transfer money from one account to a new "safe" account.
Unfortunately, economic loss through vishing attacks remains a legal gray area, with banks arguing that victims must bear some legal responsibility to actively protect their own interests, despite the concerted efforts of the scammers.
How to detect Phishing, Smishing and Vishing scams
You can equip yourself with some strategies to mitigate the impact of these scams. They are easy to remember and will save you time and money.
- Double check the caller's phone number, email address, or text or instant message source. This number may have been spoofed to look like an official source.
- Even if the number appears legitimate, always use another phone line when you're asked to call another number back. This avoids "don't hang up" scams. Use the number from a recent bank statement or look up your bank's main customer service number online.
- Never give anyone your banking information over the phone, no matter how adamant they are. Your bank won't ask you for any identifying details, especially your PIN, the security number on the back of your card, or even your card's expiration date.
- Never transfer money to another account at the behest of a random caller. Your bank will never ask you to do this. Likewise, they won't send a courier to your house to pick up your checkbook. There is no official organization that does this unless you are caught under a warrant from the IRS.
- Be extremely wary of unusual messages from your bank or another trusted institution. Unless you have previously agreed with your bank that SMS contact is acceptable, it will not happen.
- Likewise, be wary of any links included in any SMS messages. Shortened links can take you anywhere, and there's little way to know what happens when that link is clicked.
- Hang up when you receive threatening calls demanding immediate payment. Real companies wouldn't make baseless threats out of the blue.
- Never pay unknown callers using irreversible means such as gift cards, cryptocurrency or bank transfers. These payment methods do not provide you with protection against fraud.
- Trust your instincts. If an email, text, or call seems suspicious or "too good to be true," consider it a phishing attempt.
Above all, be vigilant. If you're not sure, just hang up. If it's a suspicious email or text, ignore it.