Disclaimer: this article includes affiliate links. When you make a purchase through one of our links, we may receive commissions.
In this post we are going to cover:
- How you recognize a vishing scam
- How you recognize a smishing scam
- How you combat vishing and smishing
Plus more... Read on to learn everything you need to know about vishing and smishing.
An official FBI 2018 Internet Crime Report shows that both vishing and smishing contributed to $48,241,748 in cybercrime-related losses that year. To further elaborate, there were over 26,000 people who fell victim to online scams.
But what are these two scamming techniques, and how have they been able to inflict so much damage on innocent victims?
What is Vishing?
Vishing is a kind of fraud that shares many core principles with phishing, but it’s done over the phone.
This scamming technique utilizes automated voice messages to coax innocent people out of confidential information. The crafty criminals responsible for vishing attacks are leveraging Voice Over Internet Protocol (VoIP) technology to perpetrate these scams.
The reason more criminals are relying on vishing to victimize their targets is that it’s cost-efficient for long-distance calls.
It’s also web-based. Meaning that these scammers have plenty of available software to fabricate automated customer service lines.
Info: Furthermore, vishers can mask their phone numbers—making tracking them an unlikelihood. Provided one of these scam artists isn't hiding their phone number, they've probably hacked into a legitimate VoIP-user's account.
What are Commonly Used Vishing Scams?
There are two kinds of vishing schemes that have made themselves prevalent in recent years:
- An email is sent to the intended victim, asking them to give personal information over the phone.
- A phone number is provided for the target to call a VoIP account posing as an official institution.
- A series of voice prompts are used to conjure account numbers, passwords, and further personal info from the victim.
- The intended target is reached via phone by either a person or a recorded message.
- Victims are told to follow a series of directions to protect their accounts.
- In this instance, the vishing scammer has gathered some information about their target and is likely aware of their account/credit card numbers.
- This lends some credibility to the criminal because it makes them seem professional and trustworthy.
- Of course, this call is from a VoIP account and not a legitimate company.
Covid19 Related Vishing Scams
The Centers for Disease Control and Prevention (CDC) has reported that people are receiving calls appearing to originate from the organization through caller ID. There are also scammer voice mail messages making the rounds pretending to be from the CDC.
Info: Of course, this is being done to take advantage of vulnerable people during the pandemic. With panic running rampant, seeing the CDC’s name appear on caller ID would trigger people to answer—sending them down the scam-artist rabbit hole.
Spotting and Avoiding Vishing Attacks
If someone claims to be calling from the IRS, Medicare, or Social Security Administration, they’re trying to vish you. These criminals will often urgently approach targets, attempting to foster fear with threats of arrests and fines.
Advice: Always keep in mind that official agencies don’t initiate contact to ask for personal information unless you’ve set up an appointment.
The key with these scammers is to never provide personal information over the phone, even if they possess some of your details. Merely hang up, perform your own investigation, notify the authorities, and never answer the phone number again.
What is Smishing?
Smishing is phishing, except with text messaging and SMSing.
Info: The reason that smishing scammers find success is due to the inclination for people to be less alert of malicious activities when reading a text.
Compared to receiving a text, we all tend to be a little more aware of phony emails. Perhaps, this is due to the more personal nature of text messaging.
Smishers have leveraged this advantage into getting people to provide social security numbers or credit card information. It’s then seamless for the scam artist in question to steal their victim’s identity by applying for new credit cards in their name.
What Are Commonly Used Smishing Schemes?
Here are a couple of smishing schemes that have been regularly employed by scam artists:
- A scammer sends a link from a company claiming if the victim doesn’t click through and provide their personal information, they’ll be charged a daily service fee.
- The smisher, posing as a financial institution, sends a text or SMS asking the target to click a link to verify a transfer of funds.
- They’ll then be coaxed into entering their personal information to “receive the transfer.”
Covid19 Related Smishing Scams
After the UK Government launched a text campaign in March, meant to encourage people to self-isolate, there was an influx of smishing texts.
These texts would falsely claim to be from the government. However, the addresses would be altered in the slightest of manners. For example, underscores were used to emulate hyphens, lower-case letters would be upper-case, or the letter ‘o’ would be a zero.
Info: These scammers were capitalizing on the fact that the government was offering benefits. They’d pretend that through clicking a link, a potential victim would receive a rebate. Alternatively, the texts would claim that targets were being fined for breaking social distancing protocols.
Spotting and Avoiding Smishing Attacks
Any text or SMS messages with urgent security alerts and coupons that must be redeemed immediately are red flags. Furthermore, a text message asking you to update account information or confirm pin codes will never be legit.
Advice: First and foremost, delete any texts like this and never click through the link. If you do have any concerns, contact the relevant bank or merchant—provided you’ve done business with them.
Tech Solutions to Combat Vishing and Smishing
Often, the people most vulnerable to these scams are either very young or the elderly. Though, anyone is susceptible—as we can all be caught off guard. In fact, nearly 50% of businesses reported falling victim to such attacks in 2018.
There are many moving parts in any given organization, and people make mistakes. As such, companies should mandate security awareness training programs, including the following topics:
- Best practices for general safety
- Policy outlines
- How to report suspicious messages
- How to handle sensitive communications
Firewalls can also be a massive aid in preventing smishing attacks since they can stop the download of malware.
What’s most critical is always being on high alert, and never thinking you’re too smart to fall for a vishing or smishing scam.
What is the difference between phishing and vishing?
Phishing is done via phone call, email or phony websites. Vishing is done via internet phone service (VoIP). It may includes ‘spoofing’ (which is a phone number of a real business or company).
What is VoIP and how it works?
VoIP is a phone service via internet and it is a technology that converts your voice into a digital signal.
How does vishing work?
Vishing is carried out using voice technology in which individuals are tricked into giving personal or financial information to unknown/unauthorized entities.
How does smishing work?
Smishing is done through SMS. The smishing scammer sends an SMS calling to action to click on a link. The link takes you to a website which will ask you to reveal personal details.