Phishing involves an email, often using the name and logo of a legitimate company, asking you to click a link and provide account details – which are then used to commit fraud. SMShing is essentially phishing via text, directing you to follow a link or call to provide sensitive account information. Vishing is phishing via phone, where the caller (or recording) warns you of the urgent need to confirm sensitive account information, or to call a number and provide it.
In order to avoid becoming a victim of a phishing, smshing or vishing scam, you need to know what to look for:
These scams often look legitimate – but legitimate companies don't use unsolicited communications or pressure tactics
E-mails, texts and calls will ultimately seek sensitive personal and account information, like Social Security numbers, account numbers, passwords or password prompts
Communications may also include links or attachments that install computer/mobile device viruses and/or keystroke loggers and should not be clicked on or opened
Messages use pressure to encourage you to click a link or place a call – immediately
Contact the institution named in the email or text you receive – before you provide any information. It's important to make contact by alternate means – other than a direct reply to the sender – to ensure you're communicating with a credible information source. For example, use the contact number on the back of your credit card to confirm the legitimacy of any email, text or call you receive referencing that card