How to Avoid Common Types of Fraud: Phishing, Vishing, and Smishing

We have explained how spoofing can be used to deceive a fraud victim. Now let’s look at a few other common methods fraudsters use in conjunction with spoofing to gather information and carry out their scams: phishing, vishing, and smishing.

 

PHISHING

Phishing is defined in the Cambridge English Dictionary as “an attempt to trick someone into giving information over the internet or by email that would allow someone else to take money from them.” The term “phishing” is derived from the word fishing. There is a bait or lure, often indicating a sense of urgency, that scammers use to reel in a “catch” and entice a victim to provide personal information.

An example of a phishing bait or lure would be an email indicating suspicious transactions on your account or card. Appearing to be a legitimate request from your financial institution or credit card company, a fraudster will request your personal information to unlock your account. They may even ask for your banking credentials as verification. Don’t take the bait! Legitimate companies will not ask you to send personal information over email.

What other baits or lures should you watch out for? While the following list is not all-inclusive, here are a few typical indications that a message is likely a phishing email:

• You are supposed to “click on” an attachment.
• You must respond to a social media request.
• You have to enable “macros” to view the attached file, which can introduce harmful coding to your computer and give fraudsters access to your information.
• You are unexpectedly asked to update your password.
• You receive a job offer from an unknown email address requesting personal information in order to hire you.
• You are notified that you have won a lottery that you did not enter. In order to collect your winnings, you must provide account information to pay the taxes due.
• An old “acquaintance” messages you out of the blue looking to renew your friendship.
• Your new “friend” asks you for financial favors.
• A “government agency” emails you to ask for personal information.

Phishing doesn’t happen only by email. Another popular “phish pond” is a website with “unsolicited surveys” asking questions that may provide the fraudster with answers to potential security questions and/or passwords you may be using. These surveys will often ask about your favorite color, the first vehicle that you owned, your school mascot, and other common security questions. Exercise care when participating in random surveys for “fun,” as someone could be gathering information to perpetrate fraud. And remember, never click on a link on an email unless you are certain it is from a reliable source.

 

 

VISHING

Vishing is another common fraud method that has the same intent as phishing—to gather information from an unsuspecting victim and commit fraudulent acts. While phishing occurs in emails and on the internet, vishing takes place over the phone. A fraudster will typically call posing as a reputable business or government agency to coerce their victims into disclosing personal information. They often pretend to be your banking institution, the police, the Social Security office, computer technicians, and, in some cases, a family member.

As mentioned in our spoofing blog, a fraudster can change the caller ID to make the call appear legitimate. If you receive a call from someone requesting personal information which you do not feel comfortable providing, hang up and contact the business or government office directly with a number that you know is correct. (You can find the right number on their website or in an official communication that you know is legitimately from the business or agency.) It is better to confirm that the call was legitimate before disclosing any personal information. If the call was legitimate, the business or government agency should have a record of the call.
Beware of any “urgent” situations that try to shock you into sending money or providing your information. Some examples of “urgent” circumstances fraudsters often use include the threat of arrest, a family member in distress, a prize such as a cruise or winning lottery ticket, and a suspicious charge on your card. The sense of urgency often catches people off guard and clouds their thinking, which can lead them to provide information to the fraudster. Always be skeptical of any call about an urgent situation. Take the time to pause, ask questions, and even do some research. Confirm before you confess!

 

SMISHING

Smishing is another variation used by fraudsters that combines phishing with texting, also known as short message service or SMS. This is where smishing gets its name—from merging SMS with phishing. Instead of an email, the fraudsters may use a text message to request information in hopes the recipient will respond. Similar to a phishing email, smishing attempts may also contain a malicious link that, if accessed, could download malware on your phone and provide access to your personal information.

As with emails and phone calls, be very careful responding to texts that ask you to provide or update your personal information. A financial institution or a merchant will never request you to update your information by sending you a text message. And remember, never click on any links in an “urgent” text message, as it is most likely fraud. Don’t get hooked!