Vishing, smishing and phishing decoded—and how to avoid getting scammed


They might just sound like niche hobbies, but vishing, smishing and phishing are no fun to be involved in! And if you don’t know what to look for, it’s surprisingly easy to fall prey to one of these scams.

But first, what do these weird words actually mean?

Generally speaking, “phishing” refers to any attempt by scammers to con people into handing over sensitive information that they can use to commit fraud. Nowadays, though, the term is often used to refer specifically to email phishing. If you're wondering why it's called “phishing”, no one knows for sure. The most likely theory is that it’s a combination of the words “fishing” (as in, “fishing for information”) and “phreak”, an early name for hackers.

Meanwhile, smishing and vishing are just types of phishing—via SMS for smishing, and via telephone (using the voice) for vishing. But, in all three cases, the scammer’s objective is to trick you into voluntarily giving them your personal data. So, to avoid getting scammed, you’ll need to know what to look for.

Email phishing

An email phisher wants you to hand over your details, either via an online form on a fake website or simply by replying to the email. They’ll usually do this by trying to make the email look like it came from a real company—such as a bank—and telling a story about why you need to provide your details, such as there being “a problem with your account”.

The most obvious giveaway is that a real company will never ask you to provide sensitive information, such as passwords or account numbers, via email or an online form apart from the one you usually use to log into your account. So, don’t do it.

Apart from this, there are a few other things to look out for:

  1. Do you know the company? If you’ve never been a customer, they wouldn’t want your details. Plus, they’d know your name—so, be wary of “Dear Sir/Madam”-type openers
  2. Does the sender look legitimate? Check the email address and any URLs the email wants you to click on. Do they look fake?
  3. Dodgy spelling, grammar and design A real company will rarely make these kinds of mistakes. So if the spelling and grammar are a little off, or the design is a little rough around the edges, chances are it’s a fraudster
  4. Promises of enormous wealth Never in the history of anything has anyone genuinely offered a random stranger vast sums of money if only they would provide their bank details
  5. Promises of doom Criminals like to use scare tactics. So, if they email suggests that something bad will happen or else, remember—it won’t

Smishing and vishing

Smishing often takes advantage of the speed of the smartphone with more fear tactics, pressuring you to immediately click a link or call a number—leading to vishing—to give your details.

Don’t do it. Instead, run through the steps above—most of which also apply to smishing—to see whether the text raises any red flags.

Vishing is often much easier to fall prey to, because a good visher can tailor their approach to your particular psychology in real time. So, to avoid getting taken in, it’ll help to bear four rules in mind:

  1. Don’t get into telephone conversations with strangers—that’s when they’ll try to manipulate you
  2. If you’re ever made to feel uncomfortable, don’t be polite—just hang up
  3. If you want to check whether the caller is genuine, say you’ll look up their company’s number and call them back. If they’re not genuine, you’ll know pretty quickly
  4. Don’t give out any information over the phone unless you called what you know to be a real number, and never give out your full password—a real company rep will only ask for a few characters

The Golden Rule

Whether its vishing, smishing or email phishing, and no matter what clever techniques they use to convince you of their authenticity, the scammer is ultimately relying on you giving up your details voluntarily. So, to avoid being taken in, there’s one Golden Rule you should always follow:

Never divulge any sensitive information unless you absolutely, totally, 100% know the request is genuine.

In short: If in doubt, don’t give it out. Because there’s nothing scammers hate more than someone who stubbornly refuses to be their victim. 

Are you up to date with the latest statistics and information about cybersecurity and public perception towards it? Check out Europ Assistance's 2019 Cyber and Digital survey for more information.