Vishing and smishing

Always follow your organization's official security guidelines when you encounter vishing

What is vishing and smishing?

Often called voice phishing, vishing uses social engineering tactics over phone calls to lure victims into revealing confidential information and accessing their bank accounts. Smishing on the other hand uses text messages for the same malicious acts.
 
As with phishing, smishing and vishing involves convincing victims that they are doing the right thing by responding to the caller or the text message. Typically, the caller or text message sender will pretend to be from the government, tax department, police, or the victim's bank.
 
Cybercriminals use threats and convincing language to convince their victims that providing the information requested is their only option. Some cybercriminals use strong language, while others suggest that they will help the victim avoid criminal charges.
 
Cybercriminals will also be topical and seasonal with their attacks, when tax season hits, criminals will leave messages pretending to be from the local taxation agency (like the IRS in the US). During the COVID-19 pandemic, cybercriminals called people to offer vaccines and testing kits in exchange for their bank account information and mailing address.
 

What should I do if I receive vishing?

Always follow your organization's official security guidelines when you encounter vishing

If you think you have been targeted by vishing, please stop for a moment before proceeding to provide them with what they are asking for.

Verify the person is who they say they are and represent who they claim to represent.

Remember, your bank, hospital, police department, or any government department will never call you to ask you for your personal information over the telephone.
Beware of any phone numbers the caller gives you to confirm their identity. Look up the number yourself and call it using an alternative phone. Cybercriminals can route phone numbers and create fake numbers.

Do not respond to emails or social media messages that ask for your phone number. This is the first step in a targeted phishing/vishing attack. Report these emails/messages to the IT/support team.

 

Was this article helpful?

5 out of 5 found this helpful

Have more questions? Submit a request