What Is The Difference Between Phishing, Smishing & Vishing? 

Uploaded on 2023-05-12 in NEWS-News Analysis, FREE TO VIEW, TECHNOLOGY--Resilience

Promotion

According to recent statistics, an internet user falls victim to cybercrime every 37 seconds. And since we’re spending more of our lives online, the problem only looks set to worsen. From 2020 to 2021, for example, cybercrime increased by 40 percent. This is likely due to more people using personal electronic devices for work and being online more during the COVID-19 lockdowns. 

Online scammers carry out identity fraud in various ways. From scam calls to fraudulent emails, and everything in between. Once they have your sensitive data, they can then steal your money, take out loans in your name, sell your credentials on the Dark Web, and impersonate you to commit crimes in other ways. 

With the increased threat of cybercrime, we are constantly being reminded to stay vigilant and aware of how fraudsters operate. The more we understand scams, the better equipped we are to avoid becoming victims. 

When being warned about cybercrime, you may have heard the terms "phishing", "smashing", and “vishing”. They sound similar, but you may be wondering whether they mean the same thing. Keep reading to find out. 

Are Phishing, Smishing and Vishing the same? 

Phishing, smishing and vishing are all types of identity fraud whereby scammers contact you in an attempt to steal your personal details or financial information. The fraudster pretends to be a trusted company or organisation, encouraging the recipient to voluntarily hand over confidential data or follow a link that installs malware like viruses, spyware, ransomware or adware on their device. 

The way you are targeted differs depending on which method the scammer uses. Phishing attacks are made over email, smishing is carried out via text messages, and vishing takes place over the phone. 

In this article, we’ll explain these terms in more detail, give tips on how to protect yourself against cyber attacks and advise on what to do if you do become a victim. 

What is Phishing? 

Phishing is a method of cyber fraud that’s carried out over email. The email will usually contain a malicious link that takes the recipient to what appears to be a legitimate website asking them to input sensitive data like usernames and passwords or financial information like bank details. This data will then be sent directly to the fraudsters, with the victim only becoming aware of what’s happened once it is too late. 

Often, fraudsters will duplicate the website of an official department or trusted brand to trick — or scare — people into thinking it is the real thing. The scammer may claim that the recipient’s account is locked and ask them to re-enter their login details on the fake site. 

Phishing attacks are usually designed with one or more of the following goals in mind: 

  • To inject malware 
  • To gain access to confidential information 
  • To receive money via a bank transfer or similar 

Cybercriminals are known for sending generic emails to a vast amount of people in the hope that some will be fooled. In marketing, this is known as the “Spray and Pray” method. 

What is Smishing? 

Smishing — or SMS phishing — is done over text or messaging apps and, again, will usually contain a malicious link from a company that seems legitimate. Smishing messages that pose as delivery companies, government bodies and banks are most common because these organisations often communicate with their customers via text message. When the fraudulent link is clicked on, victims will be taken to a form that is designed to either steal their data or download malware to their devices. Often, the link will be a shortened URL (which is harder to recognise as fake) urging recipients to take immediate action in the form of paying a postage fee for a parcel which is to be delivered, claiming a prize within a specific time period or verifying their identity because their financial details have been compromised.  

It is the urgency of these messages that makes these scam messages so effective. Additionally, they can be more successful than phishing and vishing scams because text messages feel more informal and personal (and therefore more trustworthy). Plus, mobile phones don’t tend to be as well protected as computers. 

What is Vishing? 

Phishing that’s done over the telephone is called vishing, because it is “voice” phishing.  

Again, the scammer will pretend to be from a legitimate organisation urging immediate action in order to acquire personal data from individuals, such as their bank details or login information, to gain access to their accounts. 

In the past, fraudulent phone calls were relatively easy to spot as they would be from an unknown number, and the caller would ask for bank details or money right away. Today, fraudsters are using increasingly sophisticated techniques to obtain the information they want. For example, a sophisticated phishing attack may start with a scam email and follow up with a vishing call from a fake caller ID to make the scene appear more convincing. Some may even record the call and prompt you to say the word “Yes” so they can use the recording to impersonate you on another phone call to authorise payments or access your bank accounts. 

How to Protect Yourself from Cyber Attacks 

As well as trying to trick individuals with these scams, cybercriminals target businesses too. This means everyone should take measures to protect themselves from cyber fraud. 

As mentioned, being aware of the techniques scammers use can make you less likely to fall victim. With that in mind, some of the signs to look out for include:  

  • A threatening or urgent tone -  An email, text message or phone call that urges you to take immediate action. 
  • Unexpected messages or phone calls - Especially if they sound too good to be true or try to intimidate you. 
  • An unknown sender or caller - If you don’t recognise the brand or organisation that’s contacted you, it may be a scam. 
  • A request for personal or financial information - For example, bank account details, credit card numbers or login details. 
  • Links - These may look like they come from a legitimate company, but they could be malicious links, especially if they look strange (for example, words broken up with dots or ending with something other than .com, .co.uk or .org). 
  • Errors - While more sophisticated scams appear convincing, others can be identified by spelling errors and grammatical mistakes 

If you are unsure about whether a phone call or message is a scam, you may find the following tips helpful: 

  • Instead of clicking on links you’ve been sent, visit the website via a search engine or by typing in the address of the organisation 
  • Refuse requests to modify your login details or other settings 
  • If you recognise the organisation, call them on their official phone number and ask them to verify that it was them who contacted you 
  • Don’t answer calls or text messages from numbers you don’t recognise, as doing so confirms that the number is in use and could increase the amount of scam calls you get 
  • Never reveal personal or financial information to someone who contacts you unexpectedly 
  • Type the details of the call or text into a search engine to see whether others have reported it as a scam 

Additionally, it is wise to install anti-phishing software to block malicious emails. 

What to do if you are the Victim of Cyber Fraud 

If you are unfortunate enough to fall victim to a scam, it is important that you do the following: 

  1. Block or suspend the account that’s been compromised 
  2. Report the scam to your bank or the police 
  3. Report the scam to a fraud prevention body like ActionFraud or the National Cyber Security Centre (NCSC). 

Summary 

Phishing, smishing and vishing are all types of identity fraud, whereby scammers posing as businesses, banks, official bodies, or charities contact you in an attempt to steal your personal details or financial information. The fraudster encourages the recipient to voluntarily hand over confidential data or follow a link that installs malware like viruses, spyware, ransomware or adware on their device. 

The way you are targeted differs depending on which method the scammer uses, which nowadays can include a phone call, email or via text message, so it's vital to have a good understanding of how these scams work. 

You Might Also Read:

What Is Email Spoofing & How to Protect Your Organization:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« What The Latest Cybersecurity Trends Mean For Your SME 
Which Sectors Are Top Targets For Cyber Crime? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Via Resource

Via Resource

Via Resource specialise in Information and Cyber Security recruitment in the UK, Europe and USA.

SecureDevice

SecureDevice

SecureDevice is a Danish IT Security company.

techUK

techUK

techUK represents companies operating in the tech sector in the UK. Focus areas cover all aspects of ICT including cyber security.

Celare

Celare

Celare delivers DPI based network perimeter monitoring solutions with integrated Big Data security analytics and threat detection.

Air Informatics

Air Informatics

Air Informatics LLC provides security, information management, analytics and informatics for IT and wirelessly enabled airplanes and operations.

th4ts3cur1ty.company

th4ts3cur1ty.company

th4ts3cur1ty.company specialize in delivering intelligence lead adversary emulation purple teaming & the bespoke building of Security Operation Centers.

Converge Technology Solutions

Converge Technology Solutions

Converge Technology Solutions Corp. is a North American IT solution provider delivering advanced analytics, cloud, cybersecurity, and managed services solutions.

CyberCyte

CyberCyte

CyberCyte provides a disruptive built-in integrated physical, network and perimeter security solution framework.

Cyber Intelligence House (CIH)

Cyber Intelligence House (CIH)

Cyber Intelligence House provides risk exposure solutions for a wide range of audiences including companies, government agencies, regulators, investors, law enforcement and consumers.

Viria

Viria

Viria is an information and security technology solution provider that promotes digitalization in a secure way.

Dynamic Quest

Dynamic Quest

Dynamic Quest is a managed IT, cloud and security services companies, providing a comprehensive range of technology services including cybersecurity, backup and disaster recovery.

Communicate Technology

Communicate Technology

Communicate Technology are IT, telecoms and cyber-security specialists, keeping over 500 businesses and 50,000 users connected and secure across the UK.

FoxTech

FoxTech

FoxTech is an independent, friendly and deeply specialised cyber security company in the UK, with expertise spanning decades of Public Sector and Government services.

Diligent

Diligent

Diligent's SaaS GRC platform gives leaders a connected view of governance, risk, compliance and ESG across their organization.

Information Technology Solutions (ITS)

Information Technology Solutions (ITS)

Information Technology Solutions is a single source provider for managing and securing mission-critical IT services.

Sealing Technologies (SealingTech)

Sealing Technologies (SealingTech)

SealingTech is a leader in cutting edge research, products, engineering, and integration services in the Internet of Things, Edge, Machine Learning, Artificial Intelligence, and Cloud.