By now, most of us understand the concept of phishing.
Unsolicited emails pretending to be from high-profile businesses or Nigerian princes have become a familiar (if unwelcome) sight in our inboxes over the years.
Email spam filters and internet service providers are increasingly adept at weeding out these confidence tricks, even though messages occasionally slip through the net.
However, phishing has two lesser-known cousins, also trying to trick unwary consumers into surrendering personal information.
They’re known as vishing and smishing, and both target smartphone users in particular.
Here’s what you need to know about them…
Lots more vish in the sea
While vishing and smishing are both variants of phishing, the former is far more intrusive.
It’s a telephone scam, but like phishing campaigns, it often starts with an email.
It’ll ask the recipient to urgently ring a phone number regarding an account login, a recently-placed order or some other mundane activity.
Alternatively, the victim may receive a phone call from a spoofed or blocked number, purporting to be a bank or other supposedly trustworthy institution.
The voice on the phone will be calm and friendly, but their message is laced with urgency – unless you act immediately, personal data or financial accounts could be compromised.
Like phishing scams, damage only occurs by humouring the caller’s requests for login credentials, passwords or other personal data.
The sense of urgency discourages further investigation, giving the victim no time to objectively consider what they’re being told.
Once the call is over, newly acquired data will be used to empty bank accounts or purchase high-value items in the victim’s name.
Sophisticated vishing scams can take over a phone line, preventing it being used by the victim.
Subsequent outbound calls are picked up by the scammers, who maintain the illusion of danger by pretending to be whichever institution the victim has just tried to call.
Smish and grab
Vishing is often effective, but it’s resource-intensive from a criminal perspective.
Smishing is far more cost-effective, since it’s conducted via text messages.
An unsolicited SMS could ask the recipient to get in touch via a hyperlink to a bogus login page, where every keystroke is recorded for future impersonation.
Alternatively, the SMS might request recipients dial a phone number, leading to a vishing-style contact centre.
Texts are fired out indiscriminately, but an SMS claiming to be from Amazon regarding a recent transaction will periodically reach an Amazon customer who just bought something.
In these circumstances, it’s easy for a smishing message to snare an unwary victim.
As with phishing, vigilance and suspicion represent the best defences against vishing and smishing.
If in doubt, phone the institution using a different phone to check whether the message you’ve received is authentic.
You could also Google the phone number you were called from, or search for words or phrases in an SMS which might reveal fraud reports or spam warnings.