The University of Texas at Dallas
close menu

Information Security

Phishing Explained – Vishing and Smishing

Student Blog: Leeann Swiggett

January 14, 2020

There are many ways people can try to scam you. One of the most common and popular tactics is phishing. There are several forms of phishing, including whaling, spear-phishing, search engine fishing, etc. Just like these, Smishing and Vishing are both derivatives of phishing, and we will be discussing both at length.

What Is Vishing? What is Smishing?

“Vishing” or “Voice Phishing” is when someone tries to deceive the person on the other line into revealing sensitive information. Usually, vishing involves an attacker impersonating an authority figure to make you gain their trust and reveal information. Sometimes, even the phone number the attacker is calling from will look familiar to make it believable that it is a company or person that you would know.

“Smishing” is vishing’s SMS equivalent.

Common Practices of Vishers/Smishers

The scammer will call or text you pretending to be an authority figure you know (bank, IRS, insurance company, Social Security Administration) and will try to gain your trust in order to ask for sensitive information. This information can be a username and password, credit card information, or even a two-factor verification text that they sent to your phone while trying to access one of your accounts. In circumstances like this, it makes it difficult for some to remember normal company protocols and not get caught in the scammer’s lies. Most companies, especially banks, will never call or text you in order to ask to reset your password or ask for information.

A real and common scam that has been active recently is the Apple Support scam. This is a scenario where attackers would call you claiming to be Apple Support and stating they need your Apple ID and password to reset your iCloud account. Giving this information would allow the scammer access to your iCloud account, which contains with very private information, such as address, date of birth, banking information, and more.

How to Prevent Vishing/Smishing

While vishing calls or smishing texts can be confusing, scary, and bothersome, here are some tips on how to know when you are being phished and how to deal with it:

  1. Do not answer unknown or unfamiliar numbers. Most of these scammers use numbers that look familiar to try to make you answer. When you block them, they will most likely try another number. If you answer, they will know your line is active and you are now considered a target. Not answering the phone at all can make it appear that your line is no longer in use, therefore getting you less of these scam calls.
  2. Think about who they say they are and what they are asking for. Most of the time, companies you do business with (cell phone provider, cable company, insurance company) will not call you to ask you for payment or password information. So, when someone calls asking you for this private information, the best approach is for you to end the contact and reach out to that company on your own through a proven contact method.
  3. Always report Vishing/Smishing/Phishing. If you ever experience an impersonator trying to get your information over the phone, it is always important to report this event to the UTD Information Security Office (or UTD police if you think you are a victim).