How to Spot Phishing, Vishing and Smishing Scams - Nationwide (2024)

Table of Contents
What is phishing? How to spot phishing emails What to do if you’re a victim of phishing What is vishing? How to identify a vishing scam What to do if you think you are a victim of a vishing scam What is smishing? What to do if you suspect a smishing text message What to do if you think you are a victim of a smishing scam How can you learn more?

How to Spot Phishing, Vishing and Smishing Scams - Nationwide (1)

Social engineering is a technique used by criminals and cyber-crooks to trick users into revealing confidential information. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity.

Cyber criminals want your information, so they can commit identify theft or fraud – which can be avoidable if you take the right precautions. The best defense is to be aware and know what to do if you suspect you are a target.

There are three main types of social engineering attacks: phishing (email), vishing (phone), and smishing (text). Here’s some great advice on how to spot them, what to do if you receive one, and who to call if you think you’ve fallen victim to an attack.

See Also
Which of the following is not a common approach to phishing

What is phishing?

Phishing emails are the primary attack method in the cyber criminal’s playbook. These attacks try to trick you into taking an action, such as clicking a link, opening an attachment or responding with sensitive information. We’re all a target, both at work and at home, because our information – and our devices – are worth good money to cyber criminals.

How to spot phishing emails

These are the most common identifiers associated with phishing attempts. Use these red flags to review all external email:

  • Lack of personalization. Did the email use a generic salutation such as ‘Dear Customer’ or nothing at all? Service providers usually know who you are and typically personalize emails with your name and the last few digits of your account number.
  • Bad spelling and grammar. Legitimate businesses go out of their way to proofread their email. If an email has lots of spelling mistakes or improperly worded sentences, it’s likely a phish.
  • Strange website links. If you hover your mouse over a website link, you will see the actual destination of the website you’re about to visit (on some mobile devices you can accomplish the same thing by holding your finger on the link for a second or two). If that location differs from the way the link is written in the email, it’s a good indication of an attack.
  • Suspicious attachments.If you don’t know the sender, or receive something from a friend that looks suspicious, don’t open the attachment. If it is from someone you know, you can always pick up the phone and give them a quick call to make sure they actually sent the email.
  • Requests for sensitive information. Be suspicious of requests for sensitive information, such as user IDs and passwords, financial account numbers, health information or social security numbers.
  • Unfamiliar sender. The sender is someone you do not know, and the email address is one you’ve never seen before or looks different than it should.
  • Authoritative-sounding sender. A person representing a company or entity sends an email asking for information they should already have.
  • Blank or “undisclosed” recipients. Sometimes phishing emails are sent to a lot of people. Other times you see something like “undisclosed recipient list” in the “To:” field. Both are potential red flags.
  • Urgent call to action. Messages of an urgent nature, or requesting an immediate call to action, are a common method used to rush people into making mistakes and is another good indicator of phishing.

What to do if you’re a victim of phishing

If you fall victim to a phishing attack, a swift response is pivotal. Change your password for all online accounts including your email, banking, retail, and any others. After your account access is resecured, contact your credit card company to find out if one or more of your cards should be replaced. You should also notify one of the three major credit bureaus to place a fraud alert or freeze on your account. It also can’t hurt to update your antivirus software and keep a watchful eye on all your accounts to monitor any suspicious activity over the following days.1

What is vishing?

Vishing is a telephone-based form of social engineering where someone calls you directly and pretends to be from a legitimate company or service. Once on the line, they ask questions, try to get you to do something, or direct you to a website to obtain personal information, such as social security or financial account numbers.

How to identify a vishing scam

  • Check the company. Is the phone call from a legitimate company? If you can, look up the phone number or company name to see if it is legitimate. Always be extra cautious if it’s a company you’re not familiar with.
  • Call them back using a number you have on file. If the caller says they are from a company you know or do business with, hang up and call them from a number you know. For example, if a caller says they are from your bank, call them back with the number on the back of your card.
  • Watch out for requests for sensitive information. Be suspicious of requests for sensitive information, such as user IDs and passwords, financial account numbers or social security numbers.
  • Be careful with websites. Be suspicious of requests to visit a website, particularly to fill out a form or download software.
  • Protect your computer. If you are asked to access anything on your computer, beware! Do not download software, give the caller access to your computer, or modify systems files in any way.
  • Hang up. When in doubt, hang up the phone and do not accept future calls from the number.

What to do if you think you are a victim of a vishing scam

If you accidentally provided your financial information to a scammer over the phone, it is crucial that you take immediate steps to protect yourself. Call your bank and alert them to the possibility of fraudulent charges – there is a chance some have already been made that need to be canceled. You’ll also probably need to cancel your cards and get new ones, and you may even need to change your account numbers. You should also put a fraud alert or freeze on your credit with one of the three major credit bureaus. In the fallout from the attack, think about red flags you can learn from and recognize in future scam attempts.2

What is smishing?

Smishing is a form of social engineering that exploits SMS, or text, messages. Text messages can contain links to such things as webpages, email addresses or phone numbers that when clicked may automatically open a browser window or email message or dial a number.

This ruse tends to be effective because while most of us have learned to recognize phishing emails, we are still conditioned to trust text messages. Also, there’s no easy way for us to preview links in a text message like we can if we are viewing an email on a PC.

What to do if you suspect a smishing text message

  • Validate any suspicious texts. If you get a text allegedly from a company or government agency, check your bill for contact information or search the company or agency's official website. Call or email them separately to confirm whether you received a legitimate text. A simple web search can thwart a scammer.
  • Don’t engage. Never click links, reply to text messages or call numbers you don't recognize. Do not respond, even if the message requests that you "text STOP" to end messages.
  • Delete it. If you don’t know who it’s from and it looks suspicious, simply delete the text.
  • Update your device. Make sure your smart device OS and security apps are updated to the latest version.
  • Add extra security. Consider installing anti-malware software on your device for added security.

What to do if you think you are a victim of a smishing scam

If you believe you have fallen victim to a smishing scam, change your account passwords and PINs and contact your bank to put them on watch for or cancel any fraudulent charges. You may also want to put a fraud alert or freeze on your credit with one of the three major credit bureaus.3 You should also report the attack to a law enforcement agency such as the FTC.4

How can you learn more?

Phishing, vishing, and smishing are all examples of the constantly evolving nature of criminal activity as the world moves more and more of itself into digital space. To stay on top of these threats, it’s about these threats and the resources available to you in facing them, check out the Nationwide Business Solutions Center.

[1] https://us.norton.com/internetsecurity-online-scams-what-to-do-when-you-fall-for-an-email-scam.html, Accessed September 2021.
[2] https://us.norton.com/internetsecurity-online-scams-vishing.html, Accessed September 2021.
[3] https://www.kaspersky.com/resource-center/threats/what-is-smishing-and-how-to-defend-against-it, Accessed September 2021.
[4] https://www.fcc.gov/avoid-temptation-smishing-scams, Accessed September 2021.

See Also
What Is a Phishing Attack? Definition and TypesWhat is Phishing? Common Attacks & How to Avoid ThemHow to Identify a Phishing Attack | CofenseHow to recognize a vishing scam and protect yourself from attack
How to Spot Phishing, Vishing and Smishing Scams - Nationwide (2024)
Top Articles
71 Threats Examples for a SWOT Analysis (2024)
Man Has Had It With Naive Girlfriend After Her Last Stunt Leaves Her Without The College Fund That He’s Been Helping Save For
Antisis City/Antisis City Gym
Roblox Roguelike
Tabc On The Fly Final Exam Answers
Trabestis En Beaumont
Toyota Campers For Sale Craigslist
Chase Claypool Pfr
Sinai Web Scheduler
Midway Antique Mall Consignor Access
Housing Intranet Unt
The Weather Channel Facebook
Aktuelle Fahrzeuge von Autohaus Schlögl GmbH & Co. KG in Traunreut
Munich residents spend the most online for food
50 Shades Darker Movie 123Movies
DBZ Dokkan Battle Full-Power Tier List [All Cards Ranked]
Huntersville Town Billboards
Www.publicsurplus.com Motor Pool
Wbiw Weather Watchers
Empire Visionworks The Crossings Clifton Park Photos
Scheuren maar: Ford Sierra Cosworth naar de veiling
48 Oz Equals How Many Quarts
Celina Powell Lil Meech Video: A Controversial Encounter Shakes Social Media - Video Reddit Trend
Helpers Needed At Once Bug Fables
Wood Chipper Rental Menards
Margaret Shelton Jeopardy Age
Maine Racer Swap And Sell
Ullu Coupon Code
Tottenham Blog Aggregator
Ups Drop Off Newton Ks
Ipcam Telegram Group
Used 2 Seater Go Karts
Landing Page Winn Dixie
Murphy Funeral Home & Florist Inc. Obituaries
Glossytightsglamour
Joe's Truck Accessories Summerville South Carolina
1-800-308-1977
Why The Boogeyman Is Rated PG-13
4083519708
Bimmerpost version for Porsche forum?
Craigslist Lakeside Az
Msnl Seeds
Otter Bustr
Craigslist Gigs Wichita Ks
968 woorden beginnen met kruis
Courses In Touch
FedEx Authorized ShipCenter - Edouard Pack And Ship at Cape Coral, FL - 2301 Del Prado Blvd Ste 690 33990
Stitch And Angel Tattoo Black And White
De boeken van Val McDermid op volgorde
2000 Fortnite Symbols
Blippi Park Carlsbad
The Ultimate Guide To 5 Movierulz. Com: Exploring The World Of Online Movies
Latest Posts
Husband Is In Shock After He Sees $170K Missing From His Daughter’s College Fund, Finds Out His Wife Spent It
how to allow nsfw on discord on iPhone?
Article information

Author: Corie Satterfield

Last Updated:

Views: 5956

Rating: 4.1 / 5 (62 voted)

Reviews: 93% of readers found this page helpful

Author information

Name: Corie Satterfield

Birthday: 1992-08-19

Address: 850 Benjamin Bridge, Dickinsonchester, CO 68572-0542

Phone: +26813599986666

Job: Sales Manager

Hobby: Table tennis, Soapmaking, Flower arranging, amateur radio, Rock climbing, scrapbook, Horseback riding

Introduction: My name is Corie Satterfield, I am a fancy, perfect, spotless, quaint, fantastic, funny, lucky person who loves writing and wants to share my knowledge and understanding with you.