Vishing and Smishing

What it is:

If you know about phishing, then vishing and smishing are not that different! For the unfamiliar: Phishing is the attempt to steal money and sensitive information by impersonating oneself as a trustworthy entity, typically through email. Vishing and smishing are similar, except that they occur over phone calls and text messages, respectively. These attacks can also occur on social media platforms and instant messengers, like WhatsApp, Facebook, and LinkedIn.

How to Spot:

• In both types of scams, the attacker pretends to be someone – either a person, organization, government agency, or company – they are not.
• What do they want? The same things phishing scammers are after: personal information, account passwords, and your money.
• Typically, smishing attacks will include a short URL that they want recipients to click on. This link leads to a fraudulent website designed to steal your information.
• All these communications are unsolicited, and urge for action on a situation you did not know you were in
• See below for some examples:

These are examples of smishing messages:

And how to spot them:

What to do:

• Do not respond!
• The best course of action is to immediately hang up or delete the message.
• If you are receiving repeated communication from that number, you can block the caller in your phone’s settings
• When in doubt, you should always contact a company, vendor, or organization who appears to be messaging you by:
  • Visiting their official website
  • Using their app
  • Calling the number on your credit card, if applicable

Additional Steps:

• You can report vishing and smishing scams to the Federal Trade Commission to protect others from being defrauded in the future
• You may also be able to report the communication to your cellular provider, or the app it occurred on
• You can register your phone number on the National Do Not Call Registry to reduce telemarketing calls, but this may not always stop scammers