How to avoid phishing, vishing & smishing scams
We define phishing, vishing, and smishing scams and go over how to prevent them.
By ATB Financial 9 September 2022 3 min read
Confused with all of the cyber security terms? We’re here to help debunk these common scams.
Sometimes, cyber security terms can get confusing (or don’t sound like real words at all). That can be the case when it comes to phishing, vishing and smishing scams. What are they? How do you identify them? And, most importantly, how can you prevent them?
We’re here to help break down these three common cyber security scams so you’re equipped to identify and avoid them.
How to identify phishing, vishing and smishing scams
Now that you know what these terms mean, how do you know if you’re being scammed?
- Request to share verification codes: Never share Two-Factor Authentication (2FA) codes with anyone, using text message (SMS) or over the phone.
- Inconsistencies in email addresses, domain names and links: look for email addresses that don’t match the contact’s usual email, links that don’t include the domain name or misspelled domain names. These inconsistencies point to a scam.
- Strange greeting and tone of voice: is a colleague addressing you too familiarly? Too formally? Does the person leaving the voicemail sound automated? These are red flags for phishing, vishing or smishing scams.
- An unusual request: if someone is asking you to do something that’s outside of the norm, there’s reason to distrust.
- Requesting credentials, payment information and other personal details: this is one of the biggest giveaways of a scam. Fraudsters can create fake landing pages and prompt you to login to your account to make an outstanding payment, for example.
- Suspicious attachments: received an attachment from an unfamiliar source? Weren’t expecting any files being sent your way? The attached file has an extension that’s associated with malware (.zip, .exe, .scr, etc.)? It may be a scam.
- Threats or a sense of urgency: if a message threatens you with negative consequences or demands immediate action, it should be treated with suspicion. Fraudsters hope to fluster you so you rush to act and miss other suspicious signs of a scam.
- Grammar or spelling errors: professional sources use spell check to make sure their communications are polished. If you see improper use of grammar and multiple spelling mistakes, that’s a red flag.
- Unsolicited communication: if you didn’t initiate the communication by opting into marketing communications with a company, then you should be suspicious.
- Unexpected offers or prizes: fraudsters will often prompt you to click a link or provide personal details by telling you that you’ve won a prize, qualify for a gift or get a discount on something.
- Vague messaging: fraudsters will use vague language to try to convince you that they’re legitimate. For example, a fraudulent message addressed from a colleague or boss could refer to “our previous meeting, where we discussed these confidential matters.”
Tips to avoid phishing, vishing and smishing scams
Some of these emails, calls, or texts can appear very convincing, using logos or mimicking legitimate communications that you might expect, but it’s important to remember that a reputable organization like ATB or a government agency will never ask for your personal information via email or text.
Also, pay close attention to the URLs you are being asked to click on. If it doesn’t look right, chances are it is not.
If you get an email or text that seems off, don’t reply, click on any links or unsubscribe to the emails, even if they threaten to close your account or limit your access. Report it to the organization who’s being spoofed by sending the email or a screenshot of the text as an attachment to the organization’s email, then delete it.
At the end of the day, the best defence against fraud is education. New fraud scams are emerging regularly. Knowing what’s out there equips you to identify suspicious communications and take the action to prevent being scammed.