Financial Education Blog

What are phishing, vishing and smishing?

They might sound cute and clever, but phishing, vishing and smishing are anything but that. Let’s take a look at these common attempts to steal your personal information and how you can protect yourself.
 
What is phishing?
Phishing is the fraudulent attempt to get you to reveal personal information. Most commonly, phishing occurs via email. The fraudster will pose as someone they are not in hopes that you will hand over your birth date, social security number, bank information and more. At the holidays, it could be someone posing as a shipping company who sends you a link to a fake order confirmation. Throughout the year, it can range from anything such as someone posing as a family member in a foreign country requesting a wire transfer to someone claiming to be investigating a complaint and asking you to click a link in the email to confirm details.

How do I protect myself?
Keep an eye out for generic requests for information, misspellings and incorrect logos or website addresses as these are telltale signs of phishing. Do not click on unsolicited or suspicious links as they could download malware to your device. Don’t send financial or other personal information via email or wire transfer to a sender threatening to discontinue services if payment is not received. If you believe that there may be a problem with the service specified in the email, call the company directly to confirm. And, use security software to protect against malware and viruses found in phishing emails; consider downloading safety software such as Trusteer, free from 7 17.

What is vishing?
Vishing is the fraudulent attempt to get your personal information through phone calls and voicemails.

Some common vishing attempts include claims that you will receive credit card protection, a vacation deal, or an extended car warranty if you just hand over your bank information. Sometimes fraudsters will impersonate a legitimate charity in an attempt to take your charitable donations.

There is also the IRS impersonation scam, which tops the IRS “Dirty Dozen” list for 2018. This is where you will receive a phone call or voicemail from “the IRS” stating that you owe taxes with threats of anything from arrest to driver’s or business license loss. The fraudster will often spoof the phone number for the IRS to look more official.
 
How do I protect myself?
Some telltale signs of vishing include demands for immediate payment; requests for wire transfer payment or debit or credit card information over the phone; and threats of police or legal action.

If you receive a phone call requesting a charitable contribution, don’t give your bank information over the phone. Instead, request that information be sent to you before you make your decision. If they say that they can’t and they need a donation now, it’s likely a fraud.

The bottom line is if you receive a suspicious call, hang up immediately. Then, report the call to the Federal Trade Commission. You can also add yourself to the National Do Not Call Registry.

What is smishing?
Smishing is phishing via text message. The name comes from the combination of SMS (short message services) and phishing. Again, the objective is to get you to surrender personal information. Similar to email phishing, the thief might ask you to click a link in a text that will install malware or ransomware on your phone, or they will pose as a fraud department claiming suspicious activity on your accounts and request personal information to “fix” the issue.

How do I protect myself?
Employ the same tactics as you would with email: do not click on links from, or give personal information to, unknown numbers. If you receive a text requesting such information, and you suspect that it could be from someone you know, do not send it over text. Instead, confirm that it is that person with a phone call.

It’s important to note that if you receive an Enfact or SecurLOCK Fraud Alert from 7 17, it will not request private information. Please be aware that 7 17 will never call you or send an email or a text message to request your online banking credentials.