Ever received a suspicious email, an alarming phone call, or a strange text message asking for personal details? You’re not alone. Phishing, vishing, and smishing scams are rampant, constantly evolving to trick unsuspecting individuals. Fortunately, with the right protection strategies, you can learn to recognize these threats and effectively defend your digital security.
What Is Phishing, Smishing, and Vishing?
Phishing, smishing, and vishing are all forms of social engineering, which are tactics that manipulate people into giving up sensitive information. The key difference lies in how the scam is delivered:
- Phishing – Scams delivered through fraudulent emails or fake websites.
- Smishing – Scams delivered via fraudulent text messages (SMS).
- Vishing – Scams delivered through fraudulent phone calls.
Recognizing the Red Flags
Protecting yourself from online fraud starts with being able to spot a scam before it’s too late. Read below to learn the telltale signs of phishing emails, suspicious text messages, and deceptive phone calls.
Phishing
Scammers send emails that look like they’re from trusted companies, such as PayPal or your credit union. These emails often create a false sense of urgency and include a link to a fake website that mimics the real one. If you enter your login credentials, the scammer captures them. These sites can also install malware, software specifically designed to harm electronic devices, or keyloggers, software designed to record keystrokes on a keyboard or phone to create a log of everything typed on your device.
Smishing
Smishing works similarly, but through text messages. These messages might claim to be from a government agency, delivery service, or your credit union. Clicking the link can take you to a malicious site, or it might prompt a scammer to follow up with a phone call. If taken to a malicious site, the scammer will try to obtain information from you by requesting you to enter online banking credentials, debit or credit card information, or other sensitive information. The malicious site typically mimics a legitimate website you frequent to lull you into a false sense of security.
Vishing
In a vishing attack, scammers call you — often using “spoofed” caller IDs that make it look like the call is from a legitimate source. They may claim your debit card has been compromised or your online banking is at risk. Their goal is to get you to share information like your debit card number, CVV, expiration date, or Secure Access Code (SAC).
How to Protect Yourself
- Don’t trust links or messages at face value. If you receive an unexpected message, email, or call requesting personal information or urgent action, don’t use any contact information they provide. Instead, find the organization’s official phone number on their official website or a trusted source, such as a bill, and call them directly to confirm the request.
- Be wary of immediate action demands. Scammers often create a false sense of urgency, claiming issues with your account, limited-time offers, or potential legal problems if you don’t respond right away. Take a breath, verify the source, and never click or share information under duress.
- Be skeptical of unsolicited messages or calls. One of the most effective ways to protect yourself is to question any message or call you didn’t initiate or expect. Scammers count on catching you off guard. Pause and be skeptical as these types of communications are often the first step in an attack designed to steal your personal information.
- Enable multi-factor authentication (MFA) for all of your accounts. A requirement of two or more verification factors prior to a successful login, such as a password and a Secure Access Code (SAC). MFA acts as a critical second line of defense, making it exponentially harder for unauthorized users to access your accounts. It’s also important to never share your Secure Access Code, a one-time code received via text, email, or call, with anyone. Most SACs will be delivered with language advising you not to share the information with anybody. The scammer may tell you to disregard that message.
My Information Was Compromised! Now What?
If you suspect you’ve been a victim of a phishing, vishing, or smishing scam, acting quickly can limit the damage. Don’t panic; follow these crucial steps:
- Immediately stop all contact with the scammer. Hang up the phone, do not reply to any emails, texts, or messages. Block their numbers.
- Report the incident to your bank or credit union, credit card companies, or any other financial institution involved to secure your finances. You can also contact local law enforcement, especially if you lost money, and the Federal Trade Commission.
- Secure your credit and identity using our guide: How to Protect Yourself from Identity Theft.
- Have your devices scanned by a professional to remove any malware or spyware.
- Change your passwords — especially for online banking — to something strong and unique. A strong password is one that contains uppercase letters, lowercase letters, numbers, and special characters, is hard to guess, but easy to remember, and is at least 12-16 characters long. Use a phrase or sentence-based password to add complexity. For example, “PsAv15tW@sm!”, which represents “Phishing, smishing and vishing are the worst at stealing my information.” Additionally, if you haven’t already done so, enable multi-factor authentication on all your accounts.
- Monitor your accounts regularly and dispute unauthorized charges with your financial institution right away.
Stay Vigilant, Stay Safe
Scammers are constantly evolving their methods. It’s very important that you stay informed, stay cautious, and don’t hesitate to contact the team of experts at Centris if you have concerns about suspicious activity.
Visit our Member Protection Center for the latest in fraud protection. As your trusted, lifelong financial partner, we’re here to help protect what matters most — you.
