Learning how to recognize phishing, vishing and smishing attempts will help protect you against fraud and identity theft. As technology advances, cybercriminals use more sophisticated tactics to try to trick you into providing personal and financial information to commit fraud.

How to Recognize a Phishing Scam

Phishing is when a criminal uses bait to catch a “fish” the fish being the victim of their attack. They attempt to steal private information such as usernames and passwords, Social Security numbers, financial account information and other data that is then used for malicious purposes, often financial and identity theft.

Phishing is carried out through email, social media or malicious websites.  Scammers can impersonate legitimate financial institutions, businesses and government agencies.

Warning Signs of Phishing

  • Any type of contact through email, social media or other websites that ask for personal information should be a huge red flag.
  • The messages are often designed to create a sense of urgency, making you feel like you must act right away to avoid negative consequences. The messages may look very legitimate like they are coming from your bank, credit card company, business or government agency, they may contain company logos and branding that make them look real.
  • The messages may contain attachments or links that when clicked prompt you to provide personal details.
  • The messages often contain poor grammar and spelling errors.
  • The message may begin with a general greeting, rather than your name.
  • They may contain a demand for payment or invoice you don’t recognize.
  • If the message offers a prize, free tickets or money, limited time deals, contest winnings or other offers it is almost certainly a scam.

How to Recognize a Vishing Scam

Vishing is a term that combines “voice” and “phishing” to describe a scam that is carried out through a phone call. The goal of the criminal is to steal financial and personal information. The scammer may send a text message instructing you to call a number.

The caller impersonates a government agency, business, tech support agency or financial institution. The number they are calling from can look legitimate because they can spoof caller ID. They often convey a sense of urgency implying that your account is in jeopardy, and you must act quickly to protect yourself.

Warning Signs of Vishing

  • Red flags that should alert you to a vishing scam are urgency and fear tactics and requests for financial and personal information.
  • Calls from numbers you don’t recognize.
  • Poor grammar, unusual background sounds, voice glitches and poor call quality.
  • Robocalls with automated messages.

How to Recognize a Smishing Scam

Smishing scams are similar to phishing scams, the difference is that the scammers use SMS or messaging apps to conduct their cybercrimes rather than emails or phone calls. The term is a combination of “SMS” and “phishing.” The criminal creates a fake scenario, or “pretext”, to manipulate the victim with the goal of getting them to provide personal, confidential and financial information that leads to fraud.

Warning Signs of Smishing

The warning signs of smishing are similar to those of vishing.

  • Text messages from numbers you don’t recognize.
  • Requests for personal and financial information.
  • Prompts to click a link or call a phone number.
  • Poor spelling and grammar.
  • The messages try to create a sense of urgency or feel threatening.

How to Protect Yourself

  • Never respond to any message you are unsure of. If you receive a message that looks like it is coming from a legitimate source contact that source directly at a number you know to be true.
  • Never give any personal or confidential information to anyone through an email message, text message, phone call or online.
  • Mouse over any links or email addresses to see if they appear fraudulent.
  • Use a complex, unique password for every website and use MFA (Multifactor Authentication) on every website that offers it.
  • Keep the operating system, apps and programs on your computer and phone up to date.
  • Use antivirus software.
  • Don’t post your phone number online or give it out to people or businesses you don’t know.
  • Don’t answer calls from number you don’t know.
  • Delete all suspicious texts.
  • Join the National Do Not Call Registry through the Federal Trade Commission. Adding your number to the list can reduce the amount of telemarketing calls you receive. https://www.donotcall.gov/
  • Automated vishing calls rely on a response from the victim. Don’t press buttons or respond to prompts.
  • Never allow remote access to your computer, phone or other devices.
  • Trust your instincts, if something doesn’t feel right it’s probably not.
  • Freeze your credit with the three major credit bureaus, Equifax, Transunion and Experian and check your credit reports often.
  • Back up your computer and other devices to avoid data loss.
  • Review your bank and other financial account statements regularly so you are aware of any problems.