Smishing and vishing, what they are and how to recognize scam messages and calls from fake operators

Smishing And vishing they are variants of the famous phishing scam (variant of fishing“fish), which consists of fraudulent emails that – pretending to come from banks or others known entities – have the aim of extorting i sensitive data of the victim. These two scams are based on the same concept, but unlike actual phishing which occurs via email, these scams are carried out via SMS or voice call. They are scams that are often carried out in pairs by criminals, who lure the victim with a message (smishing) alarming, and then “sinking the blow” with one call coming from a fake operator (vishing).

In this article we will see how this type of scam works, what details allow us to recognize it in time and what to do if unfortunately we happen to fall for it.

Smishing and vishing
  • 1What is meant by smishing and how the fraudulent SMS scam works
  • 2Fake operators and fraudulent vishing calls
    • 2.1Fake problem solving and data theft
    • 2.2Telephone assistance and guided transactions
  • 3The effectiveness of these scams lies in transmitting trust to the victim
  • 4How to recognize and prevent scams
    • 4.1Important communications don't happen via text or call
    • 4.2Institutions do not communicate links via telephone
    • 4.3Spelling errors
    • 4.4We are the ones who call for assistance
    • 4.5How to fix it when we fall victim to smishing and vishing

What is meant by smishing and how the fraudulent SMS scam works

The messages of smishing they are created by scammers with the intention of pretending to be a well-known entity – such as a bank or an e-commerce platform – so as to extort sensitive data or money to the victims. These messages appear to actually come from the bank's number thanks to a technique called SMS spoofing, which consists of mask one's telephone number with the desired name, which is read as the sender by the victim. The spoofing it is functional for SMS, because banks or – for example – telephone operators often mask their telephone number.

Example of smishing with fake link

The messages of smishing they can be used just like emails from phishing, or how bait. Taking the case of a fake message from the bank, it comes in the text communicated to the victim something worrying, like for example the attempt by a stranger to access to ours I count. It is also communicated that a operator will call us to give us support. This message is for scare the victim and push him to to trust of the next call (vishing) he will receive, in which the crook pretends to be a operator of assistance.

Fake operators and fraudulent calls from vishing

Continuing with the previous example, we don't even have time to understand what is happening to us and recover from the fear that we are called by a unknown number. On the other end of the phone we find a very knowledgeable person who helps us he confirms what was read in message and tells us that he wants to do some checks to prevent our account from being blocked. At this point, there are several possibilities.

Fake problem solving and data theft

The scammer might ask us the data ours paper and the login credentials to our account so that we can use them to resolve the problem.
Once our data has been acquired – however – the scammer uses them to steal money from us. Sometimes it waits some time before using them so as not to make us suspicious and prevent us from blocking the card.

Telephone assistance and guided transactions

It can also happen that the fake operator, to help us, invites us to do some transactions on our account with his telephone supervision. Typically the operator invites us to make transactions to verify our account is working, ensuring that the money will be returned to us. It starts from a transaction of little value – for example €5 – which is actually returned to us. At this point, having gained our trust, he raises the stakes and asks us ever higher transactionswhich however will not be returned to us.

smishing and vishing sensitive credit card data

The effectiveness of these scams lies in transmitting trust to the victim

This kind of combined scam it's a lot effective thanks to the feeling of trust that the victim has for the scammer. The victim is led to think that someone else is trying to defraud them and therefore trusts in the fake operator.

There are also cases of smishing or vishing alone, in which we directly receive a text message or call from an unknown number in which someone tries to extort information from us. But in this case it is much easier to spot the scam.

How to recognize and prevent scams

How to understand so when we are faced with a case of smishing and/or vishing?

Important communications don't happen via text or call

The first important thing to keep in mind is that no bank will ever communicate with us via text message an anomaly on the account and, as with phishing, they don't get it never asked for card details or the account if not via the app or the bank's official platform.

If we receive a text message link or a telephone number, as the case may be make us suspicious. No organization sends this type of information without having been requested by us. Links contained in messages may take us back unsafe siteswhile as regards i phone numbersthey must always be looked for on the official websites of the institutions and do not rely on those received via SMS unless expressly requested by us.

Spelling errors

The messages of smishing may contain some spelling errors – which does not happen in official messages – and often the name of the organization is counterfeited.

We are the ones who call for assistance

For what concern vishing instead, we must keep in mind that we are never called from assistance, we are we That we call it. Nobody helps us in advance. So if an SMS from the bank worries us, we look for the bank's number on the official website and we call assistance.


How to fix it when we fall victim to smishing and vishing

If we immediately realize that we have given our data to the wrong person, we block the card immediately directly from the app of the bank or by calling assistance.

If, however, we realize it late and then find transactions on the account that we didn't make, then we can do it request for “disavowal” of the transactions to the bank, which if it recognizes the scam gives us the money.