184744560It is more likely than not that people are familiar with the term phishing. But how about smishing and vishing? Even if you’ve never heard of them, there is a good chance you have encountered at least one of these types of hacking tactics because of how often they are used to trick people out of money and information.

Let’s review:

  • Phishing is when a perpetrator attempts to trick users into disclosing their sensitive information whether it be credit card information, passwords, or other personally identifiable information (PII). (For more information on phishing, check out an earlier blog post.)
  • Similar to phishing, with vishing and smishing, perpetrators also try to trick users into giving them their sensitive information – but they use different methods.

    Vishing, short for “voice phishing,” is basically phishing over the telephone. A good example is the fake IRS scam that affected thousands of people in 2015. In this instance, scam artists called individuals claiming to work for the IRS, threatening deportation, fines and jail if the individual didn’t immediately pay a certain amount of money over the phone. The scam quickly became one of the largest, most successful scams.

  • Lastly, we have smishing, short for “SMS phishing.” SMS stands for “short message service” and is basically a text message. An example of smishing is receiving text messages from a perpetrator claiming to be their bank or phone company in an attempt to deceive the person into providing sensitive information. For example, you may receive the following text message: “Your bank account has been suspended. Please click this link to reactivate your account by providing your account credentials.” Followed by this message, a link would be provided to a phishing site that would log and steal your provided credentials. It is important to never click links or even phone numbers provided in these messages. It is always a good idea to look up the organization’s phone number and ask a representative if the message was legitimate.

So how can you fight against these attacks? The first step is to be aware of them, and stay educated on the methods and types of attacks being conducted.


  • The IRS will never call you to request money, and it will never request payment information to be sent over the phone.
  • It is possible for an attacker to use fake phone numbers that make it look like a legitimate company is contacting you, so be very cautious if you don’t recognize the phone number.
  • These types of attacks generally use scare tactics. If the individual is making threats, hang up and contact local law enforcement.
  • In addition to using scare tactics, many scammers project a sense of urgency, indicating the importance of sending payments or information quickly to avoid consequences. Don’t be afraid to challenge the request or demand.
  • Don’t click links provided in text messages. It is always a good idea to call the actual bank or organization directly using the number provided on their website, not the one you are sent in the text message, to verify that the organization is indeed requesting this information. You will usually find they are not.
  • Legitimate companies understand that people are overly cautious about being scammed, so they are understanding and helpful when customers call to verify that they are not being scammed. If you challenge scammers, you will find they are not cooperative and often give up.

Think before you respond to any request that doesn’t feel right. Challenge, question and verify…and you will lessen your chance of becoming a victim.

Bethany LeFebvre is an intern in the Information Security department at the UVM Medical Center. She is a senior at Norwich University, studying Computer Security and Information Assurance. Her interests include reading, exploring local coffee shops, and finding local acoustic artists to support.

Subscribe to Our Blog