Blog

Smishing and vishing: The sneakiest types of fraud

Written by Ryan Hamrick | May 13, 2025

Cybercriminals have become more and more sophisticated in their methods to deceive and defraud unsuspecting people. Among the various tactics they employ, smishing and vishing stand out as particularly sneaky and effective. Let’s explore what smishing and vishing are, how they work—and most importantly—how you can protect yourself from falling victim to these scams.

What is smishing?

Smishing, or SMS phishing, is a type of cyberattack conducted through text messages. Just like e-mail phishing scams, smishing messages often include a threat or enticing offer to get recipients to click a link or provide personal information. The link may lead to a fake website designed to steal sensitive data or install malware on your phone.

Example:

You might receive a text message claiming to be from your bank, stating that your account has been suspended and asking you to click a link to unlock it. If you do, you could end up downloading malware onto your phone or sharing your account details with fraudsters. Another insidious tactic is when the attacker sends a simple message saying, “Hi,” or another greeting, attempting to engage you in conversation or offering you a job.

While most are more cautious with e-mail scams, text messages still often feel legitimate and thus can be more effective for attackers.

How to avoid smishing attacks

  • Be suspicious of unsolicited text messages, especially those with urgent requests or offers.

  • Check for spelling or grammatical errors in the text, as legitimate business communications should be professional.

  • DO NOT click on any links from unknown numbers. Instead, contact the company directly using contact information on their official website.

What is vishing?

Vishing, or voice phishing, involves fraudulent phone calls or voicemails from scammers posing as legitimate entities, such as banks, tech support services, or government agencies. These callers will try to manipulate you into sharing sensitive data or making financial transactions, often applying pressure.

Example:

You might receive a call from someone claiming to be a representative from your bank’s fraud department informing you of suspicious activity on your account and requesting your account details to verify your identity.

How to avoid vishing attacks

  • Be skeptical of unsolicited phone calls, especially from unknown numbers.

  • NEVER provide personal or financial information over the phone unless you have initiated the call to a trusted and verified phone number.

  • Remain calm and don't feel pressured to act quickly or disclose information you are uncomfortable sharing. If unsure, hang up and contact the company directly using the number listed on their official website.

Tips to protect yourself from smishing and vishing scams

  • Stay updated: Keep all software and security systems up to date on your devices, including phones, tablets, laptops, and computers.

  • Verify ID: Before responding to any communication requesting personal information, verify the sender's or caller's identity through official channels.

  • Don't share information: Avoid sharing personal or financial information online or over the phone unless you made the call and it is absolutely necessary.

  • Stay strong: Create strong, complex passwords for all your online accounts and enable multi-factor authentication (MFA) whenever possible.

  • Get educated: Stay informed about the latest scams circulating and educate your colleagues to recognize red flags and take preventative measures.

  • Report suspicious activity: If you receive a suspicious message or call, report it to your organization’s security department to warn others and prevent further attacks.

<strong>Read more: <a href="/blog/crafting-a-winning-ai-strategy-for-cybersecurity-empowering-teams-with-technology-and-insight">Crafting a winning AI strategy for cybersecurity: Empowering teams with technology and insight</a></strong>

What can organizations do?

Preventing smishing and vishing attacks

Organizations can combat smishing and vishing with the following strategies:

  • Awareness campaigns: Educate employees on identifying smishing and vishing attempts and make it simple to report them.

  • Verification processes: Always verify callers and messages through official channels or using a pre-shared code word.

  • Security tools and policies: Implement tools to detect and block smishing and vishing and establish policies for handling sensitive information requests.

Many people fall victim to scams at work due to distraction and pressure. Organizations should implement mandatory, regular security awareness training with clear policies to heighten and internalize awareness. Reporting phishing attacks can help prevent future occurrences and inform security training. Constant vigilance and updated strategies are crucial to combating phishing.

As cybercriminals continue to evolve their tactics, staying vigilant and informed is absolutely crucial. By understanding current tactics and trends—and implementing these protective measures—you can safeguard your personal information and thwart the efforts of cyber scammers.

<strong>Read more: <a href="/blog/the-dark-art-unveiled-countering-ai-phishing-tactics-with-ai-phishing-detection">The Dark Art unveiled: countering AI phishing tactics with AI phishing detection</a></strong>
View full post