
How to protect yourself (and your money) from phishing, vishing and smishing scams

If you’ve received a strange email, call or text recently that made you think twice, you may have been hit with a social engineering scam. Hackers and scammers are always looking for new ways to steal our personal information and money, and they are getting more sophisticated by the day.

Three common cyber attacks, known as phishing, vishing and smishing, are scams that criminals have been using recently to get people to click malicious links or hand over personal information, like a Social Security number, bank account login, passwords and more.

Here are some tips to help you identify these scams and protect yourself.

What’s phishing, vishing and smishing, and how do I spot them?

These are three sophisticated cyber attacks that prey on unsuspecting internet and mobile users to trick them into handing over their personal and private information. The sender may look legitimate, like your bank, credit card company, or streaming service, and ask you to reply or click a link to verify your information or sign up for a chance to win a free prize. When you click that link, you may be unknowingly downloading malware to your device or visiting a fake site that looks just like the website of your bank or cable company.

Phishing — which involves a fraudulent email asking you to click a link or download software — is probably the most popular of the three scams. According to the Federal Trade Commission, Americans lost $57 million from phishing scams in 2019 alone. 

  • How to spot it: Signs of a phishing email include spelling mistakes and grammatical errors, typos in the sender name or reply address ( vs. and strange or unexpected links pointing to a different URL than what is displayed.

Vishing is a portmanteau of “voice” and “phishing” and is a scam where criminals call or leave a voicemail asking for personal information. A vishing scammer will commonly spoof a phone number to make it look like the call originated from a trusted source, like a local bank or an 800 number, and will try to convince you to reveal personal information. The FBI recently issued warnings that vishing scams by organized crime rings are on the rise, especially during the pandemic.

  • How to spot it: Signs of a vishing call include an unfamiliar caller ID, a caller claiming to be from the government who threatens legal action for unpaid taxes or claims there are problems with your Social Security account, anyone unwilling to answer basic questions, or recorded messages that sound automated or ask you to press the keys on your phone.

Smishing is an unwanted text message asking for personal information or urging you to click a suspicious link. The word “SMiShing” is a mashup of SMS (short message service, or text) and phishing, so the attack is essentially a phishing scam conducted over text message. The scammer will typically appear to be a trusted source, like a bank or retailer, and attempt to trick you into clicking a malicious link or convince you to hand over private information.

  • How to spot it: Signs of a smishing text include a message sent from an unknown number, spelling or grammar errors, or a message asking you to click a link to verify your information, offering a deal or prize, or asking you to view an invoice, reactivate an account, or take some other action you did not ask for.

How to protect yourself from these scams

  • The most obvious: If it feels like a scam, it’s probably a scam. Trust your gut.
  • If you receive an unsolicited phone call, text, or email, NEVER hand over your personal information, including passwords, bank account or Social Security numbers. Most creditors, companies and services will never ask for this information when calling you.
  • Never click a suspicious link, and never call or text back a number you don’t recognize. The same goes for any suspicious looking emails. Mark them as spam and delete.
  • Read our previous tip on how to block robocalls and spam calls.
  • Slow down. If the person contacting you is turning up the urgency, it’s most likely a scam. Take a step back and ask yourself if the situation feels right. Again, if this is an organization you recognize, call the customer service number published on its website.
  • Protect yourself ahead of time by turning on automatic updates on your computer and mobile device. Turn on multi-factor authentication, especially on your most sensitive accounts.
  • If you feel like the call, text, or email is legitimate, hang up with the caller or do not reply to the text message or email. Visit the website of the organization in question and call the customer service number.
  • If you’ve handed over your personal information or mistakenly clicked a link that you suspect to be fraudulent, change the passwords to your affected accounts, including your email and bank accounts, immediately. Run a virus or malware scan on your devices. Call the organization or company that you suspect this fraud originated from and explain the situation. Notify your bank, credit card company and/or credit agencies about the situation.