Trying to minimize the risk of vishing and smishing takes awareness and safe practices. Vishing and smishing are forms of phishing that occur via phone call or text message. The tactics implied are based on manipulation and social engineering. Scammers look for bank account numbers, codes and passwords saved on smartphones to steal identities and financial resources. They also collect lists of phone numbers from the dark web or take advantage of companies that had sensitive data breached.
According to Social Engineer, a website that covers all aspects of social engineering, vishing is done using the "(...) practice of eliciting information or attempting to influence action via the telephone."
Smishing is a fraudulent text message that consists of a URL or a call back phone number. The "smishing" term comes from SMS (short message service) and phishing. Smishing attacks exploit SMS messages in which people are tricked into giving out their information. This scheme dates to 2004 and since then it evolved throughout time along with cell phones.
How to identify vishing and smishing?
Vishing has many faces, from fake IRS agents to court clerks. In addition, scammers will pose as immigration officers, attorneys, bank representatives, telemarketers soliciting business and fundraisers. They use false names and spoof caller IDs to seem credible. Scammers can't take "no" for an answer and will go to great lengths to get what they want. For instance, the victims in an IRS scheme
will receive arrest threats, while impersonators solicit business too good to be true.
On the other hand, smishing fraud brings con artists one step closer to their victims. One click can give them complete control over cell phones. Examples of smishing are an Apple ID reset or a delivery notification from a known brand.
In short, smartphone fraud is a phishing attempt. Vishing and smishing breaks the law and promotes suspicion online. The target can be any person or company but in the past years, seniors, immigrants, and businesses have been the most targeted. Therefore, we should be careful with unexpected calls and text messages from companies that we don't usually do business with. This also includes suspicious emails. As our series about cyber-security awareness continues, also learn how to detect common email fraud tactics.
Seven steps to minimize the risk of smartphone fraud (vishing and smishing):
- Research the institution online and match phone numbers
- Verify the business with the Better Business Bureau
- Set your phone to block apps from unknown sources
- Don’t click on links from suspicious phone numbers
- Don’t reply to texts messages asking for “confirmation details”
- Download an antivirus software
Where to report smartphone fraud?
- Arizona Attorney General, Consumer Complaints
- Federal Bureau of Investigation, Internet Crime Complaint Center
- Federal Trade Commission, FTC Complaint Assistant or call (888) 382-1222
- Local Consumer Information and Complaint Units in:
- Phoenix: (602) 542-5763
- Tucson: (520) 628-6504
- Outside of the Phoenix metropolitan area: (800) 352-8431