Phishing, Smishing, & Vishing, What’s the Difference?
Author: Adam Collins
Phishing attacks. You’ve probably heard it somewhere and chances are, you know it's not good for you. In fact, millions have lost their hard-earned money through such attacks. Also common nowadays are Smishing and Vishing, which are also becoming common, and sadly, deadly.
Sometimes, it can get confusing especially when cybersecurity experts keep dropping such jargon. In a nutshell, phishing attacks, as well as their variants Smishing and Vishing, are malicious activities that exploit human psychology and technology vulnerabilities to steal sensitive information, such as personal data or financial details.
Phishing is an unsolicited attempt to steal your sensitive data through emails. In most cases, it involves impersonating real brands and including links that infect your devices with malware.
Smishing on the other hand is where scammers use text messages or popular messaging apps such as WhatsApp and Slack to steal your data.
Vishing involves scammers using phone calls or voicemails to tempt you into revealing your personal information such as your social security number or bank information.
Now then, shall we look at each in depth and see how we can better protect ourselves?
1. Phishing Scams
The main goal of phishing is to steal your data and/or identity theft. It's one of the most reported scams in the world but sadly, people still lose money. The Federal Bureau of Investigation reports that over $52 million was lost to phishing scams in 2022.
Why Phishing Scams Persist Amidst Increased Consumer Awareness
In many instances, scammers often use sophisticated methods to steal from people. However, when it comes to phishing attacks, a simple, fairly straightforward email can do the trick. Here are some of the reasons why your phishing attacks still persist;
-
Scammers are relentless
With an estimated 3 billion spam emails sent each day, scammers are relentless with phishing attacks. Their hope is that someone might click, by mistake on one of the emails, and bang, they have access.
-
Impersonating big brands
Scammers know that by mimicking well-known and trusted brands, they can exploit the trust and credibility associated with those brands to their advantage. Hence, in their email, they will do all they can including logos, trademarks, and even lookalike email addresses. If you are not too careful, you can easily confuse the same with the real brand.
For instance, we reported scammers are sending “Suspicious Account Activity” impersonating Amazon. They account a whopping more than one-quarter of all the reports that Amazon receives.
-
Automation
Phishing attacks are often automated, allowing cybercriminals to target thousands or millions of potential victims at once. This volume ensures that even a small percentage of successful phishing attempts can yield significant gains for attackers.
-
Social engineering
Phishing relies on social engineering techniques that manipulate human psychology. Attackers exploit emotions like fear, curiosity, or urgency to make people act quickly without thinking. Even aware consumers can fall victim when faced with a compelling scenario.
2. Smishing Scams
Just like emails, SMS is very common in our day-to-day lives running into billions. However, lurking behind this sheer volume are scammers who want to sneak a link or two to unsuspecting customers.
Here are some of the common smishing scams;
-
Employment scams
Oftentimes, scammers will prey on job searchers' desperations to steal from them. They do this by impersonating big companies with false job offers resulting in users sending sensitive data or clicking on malicious links.
-
Urgent Messages
Any message, SMS or otherwise, that prompts you to act immediately should be treated with caution. From your loved ones being involved in accidents to “click the link today to avoid a late fee,” scammers want you to act unreasonably fast. They know, the faster you do it, the less likely you are to do your due diligence.
-
Redirecting Messages
There are cases where scammers will redirect you to a different website with the idea of stealing your information. The URL webpage is in full control of the scammers and the minute you key in your sensitive data, they will steal it. Scammers have gotten better with impersonation scams and might trick you into thinking you are on the right website only for you to lose your money.
-
Impersonating Loved Ones
Imagine a mother, sitting by her phone, when a message arrives. It appears to be from her son, but it's not. The message says he lost his phone and needs money for a new one and a ride home. Sadly, this is just a made-up story scammers use to trick parents into sending them money.
It’s not just parents who receive such kind of SMS, everyone is susceptible to such messages and, with whatever story you can imagine. The best thing to do is to reach out to the said person to verify the story. Avoid panicking or sending money straightaway without knowing the whole picture.
Source: Pixabay
3. Vishing Scams
Vishing is a cyber-attack where scammers use phone calls and voicemails to get your sensitive information. They might pretend to be someone from a reputable company or bank to gain your trust. They'll ask for personal details like your birthday or social security number, which they can misuse to access your private accounts and data.
Vishing attacks, also known as voice phishing, have become increasingly rampant for several reasons. Let’s take a look at each of them;
Scammers have honed their social engineering tactics, making it easier for them to manipulate individuals over the phone. They often play on emotions like fear, urgency, or trust, coaxing victims into sharing their sensitive information.
-
Use of Tech
Furthermore, the use of technology has made it simpler for scammers to mask their true identities, allowing them to impersonate legitimate organizations convincingly. Call spoofing, a technique that enables attackers to display false caller ID information, is frequently used to enhance the deception. This technology allows scammers to make it appear as if their calls are coming from trusted sources, thereby gaining the victim's trust.
-
A Wide Reach
The global reach of vishing is another factor, as attackers can target victims from around the world, making it challenging for law enforcement to combat these crimes effectively. This widespread scope allows vishing attacks to persist and evolve, making them a significant threat to individuals and organizations worldwide.
-
Low Costs
Lastly, the relative ease and low cost of executing vishing attacks, combined with the potential for high financial rewards, continue to incentivize scammers to pursue this form of fraud. As a result, individuals and organizations must remain vigilant and proactive in their efforts to educate, raise awareness, and implement strong security measures to combat the persistence of vishing attacks.
Final Verdict: Protecting yourself from Phishing, Smishing, and Vishing
Shielding yourself from these deceptive tactics doesn't require advanced technical knowledge. Here are some easy-to-follow tips that anyone can understand and implement:
-
Verify Before You Trust
Always double-check the sender's identity. Don't click on links or provide personal information to unsolicited emails, texts, or calls. If in doubt, contact the organization directly using official contact information.
Turn on 2FA wherever possible, as it adds an extra layer of security. Even if a scammer has your password, they are less likely to access your account without the second factor. Additionally, refrain from sharing your one-time password (OTP) with anyone to prevent them from having access.
-
Educate Your Family
Share your knowledge with family members, especially older or less tech-savvy individuals who might be more vulnerable to these scams. Encourage open communication and support one another in recognizing and avoiding such threats.
-
Don't Share Personal Information
Avoid sharing sensitive information, such as your Social Security number, bank details, or passwords over the phone, email, or text, unless you are absolutely certain of the recipient's identity.
-
Report Suspected Scams
Scams are the least reported crime with only 7% of the victims reporting scams according to the Global Anti-Scam Alliance (GASA). If you encounter a phishing, smishing, or vishing attempt, report it to the relevant authorities or organizations. This helps in tracking down and stopping scammers.
-
Regularly Check Your Accounts
Monitor your bank and email accounts for any suspicious activity. The quicker you spot a breach, the faster you can take action to minimize potential damage.
-
Trust Your Instincts
If something feels off or too good to be true, it probably is. Scammers often use emotions and urgency to rush you into making hasty decisions. Take your time to think and verify before taking any action.
Image Source: Pixabay
Report a Scam!
Have you fallen for a hoax, bought a fake product? Report the site and warn others!
Scam Categories
Help & Info
Popular Stories
As the influence of the internet rises, so does the prevalence of online scams. There are fraudsters making all kinds of claims to trap victims online - from fake investment opportunities to online stores - and the internet allows them to operate from any part of the world with anonymity. The ability to spot online scams is an important skill to have as the virtual world is increasingly becoming a part of every facet of our lives. The below tips will help you identify the signs which can indicate that a website could be a scam. Common Sense: Too Good To Be True When looking for goods online, a great deal can be very enticing. A Gucci bag or a new iPhone for half the price? Who wouldn’t want to grab such a deal? Scammers know this too and try to take advantage of the fact. If an online deal looks too good to be true, think twice and double-check things. The easiest way to do this is to simply check out the same product at competing websites (that you trust). If the difference in prices is huge, it might be better to double-check the rest of the website. Check Out the Social Media Links Social media is a core part of ecommerce businesses these days and consumers often expect online shops to have a social media presence. Scammers know this and often insert logos of social media sites on their websites. Scratching beneath the surface often reveals this fu
So the worst has come to pass - you realise you parted with your money too fast, and the site you used was a scam - what now? Well first of all, don’t despair!! If you think you have been scammed, the first port of call when having an issue is to simply ask for a refund. This is the first and easiest step to determine whether you are dealing with a genuine company or scammers. Sadly, getting your money back from a scammer is not as simple as just asking. If you are indeed dealing with scammers, the procedure (and chance) of getting your money back varies depending on the payment method you used. PayPal Debit card/Credit card Bank transfer Wire transfer Google Pay Bitcoin PayPal If you used PayPal, you have a strong chance of getting your money back if you were scammed. On their website, you can file a dispute within 180 calendar days of your purchase. Conditions to file a dispute: The simplest situation is that you ordered from an online store and it has not arrived. In this case this is what PayPal states: "If your order never shows up and the seller can't provide proof of shipment or delivery, you'll get a full refund. It's that simple." The scammer has sent you a completely different item. For example, you ordered a PlayStation 4, but instead received only a Playstation controller. The condition of the item was misrepresented on the product page. This could be the
