Estimated reading time: 5 minutes
Phishing, smishing, and vishing are online scams attempting to steal your personal information. While they may seem similar, each type of scam has unique features. To protect yourself from these scams, knowing how to spot them is essential.
Knowing how it works is the best way to protect yourself from a scam. That way, it’s easier to identify it when it targets you. Read on for examples and tips on spotting phishing, smashing, and vishing scams and avoiding falling for them.
If you’re clued up on internet scams, you may have already heard of phishing – but what about smishing and vishing?
Phishing, smishing, and vishing are all attacks used to try and steal your personal information. They all work similarly by sending you a message or call that looks like it’s from a trusted source, like your bank or credit card company, asking you to provide your personal information. Phishing alone accounts for around 90% of cybersecurity data breaches.
Phishing is the most common type of attack and usually takes the form of an email or website that asks you to provide your personal information, such as your name, address, bank account details, or passwords. If you suddenly receive an unexpected email from your bank asking you to confirm your details, tread carefully – someone is likely trying to phish you.
Typically, a phishing scam will provide a link which will take you to a fake website asking for your details. Beware, as this website might look exactly like your bank’s site or any other site it’s pretending to be, but a closer look at the URL will generally reveal that it’s a fake. Once you’ve entered your details, the scammers will use your information to steal your identity.
Smishing is a phishing attack that uses text messages instead of emails. Like phishing, text messages often ask you to click on a link or call a number to provide your personal information.
Vishing is a phishing attack that uses phone calls instead of emails or text messages. Though this type of scam works by phone call, it is the same: calls will ask you to provide your personal information, and if you comply, your identity will be stolen.
Vishing – A real-life case
Whilst writing this article, the SaneChoice Team spoke to people who were victims of scams. One of them resonated with us and is a real-life example of the sophistication used.
The scammer initially contacted the victim, saying they were from Barclays and had detected a fraudulent transaction on their debit card. However, they stated they had stopped it, and all was good. The scammer said Barclays would monitor the situation and call back if it occurred again.
In a week, they called again and said they saw a further fraudulent attempt to use the card, and the bank account was compromised. The compromised account would need to be closed, and a new one opened. They said they would get a colleague to call back to start the process.
When the scammer called back, they had access to the Barclays account. They described the types of current and savings accounts the victim had, which provided more confidence that the caller was a genuine Barclays employee. Furthermore, they moved money from the current account to the savings account to protect against further fraud.
During the last call, the victim was told a new account had been created, and they needed to transfer the money into that account to complete the process. This was completed via Bank Transfer, which unfortunately removed £10,000 of savings from their bank account and into the scammers.
At this point, we need to take stock of what the scammer was doing.
- Conveying a genuine and slow approach to convincing the victim they were from Barclays. The confidence trick was slow burning, using multiple people to provide the illusion of authenticity.
- When they called, they asked for a part-piece of security information each time to verify the customer. Over several calls, they acquired the complete information – enough to access the victim’s online account.
- The scammer had cloned one of Barclays 0800 numbers; therefore, a simple website check would have given the illusion it was authentic.
- Even with the security information gleaned from the calls, they did not have enough to make an external transfer. The transfer was completed over the phone, with the scammer holding the victim’s hand and applying pressure.
As you can see, it was pretty sophisticated and, sadly, successful. The scammer played a slow and steady game, each step of the way building confidence that this was a genuine Barclays employee.
This scam resonated with us as the victim is a technology-savvy corporate professional. Not someone you would associate with falling for a scam. But they did fall for it due to the slow-burning sophistication, which means it can happen to anyone.
Protect Yourself From Phishing, Smishing, and Vishing Scams
Phishing and similar scams can be very convincing, and it’s not hard to see why someone would fall for one. However, taking a few easy cautionary steps can ensure you’re protected.
- Be suspicious when someone calls and pertains to be from a company. Our best advice is to challenge the caller, never provide any security information (even in part) and call back on a trusted number to verify the caller.
- As mentioned above, never provide your personal information in response to an email, text message, or phone call. Legitimate companies will never ask for this information in this way.
- Always check the URL of a website before entering any personal information. If the website doesn’t look legitimate, don’t enter any information. If you’re unsure, then rather than clicking on the link, type in the address of the site it claims to be from yourself and navigate to its login page. If you go to the site and see no messages or alerts, with everything seeming normal, that’s just more confirmation that something is incorrect.
- Never share your passwords with anyone else.
- Regularly update your antivirus software and firewall settings to ensure your devices are protected.
Following these guidelines can protect you from most phishing, smishing, and vishing scams. Always be vigilant when browsing the internet and immediately report any suspicious activity or emails to your bank or credit card company.