Smishing and Vishing: What's the difference between them?

• Smishing, also known as SMS phishing is a type of social engineering attack that uses text messages in order to deceive recipients.
• Vishing is a type of criminal phone fraud that uses voice messages to obtain personal information or money from victims.

What is Smishing?

Smishing, also known as SMS phishing is a type of social engineering attack carried out in order to steal user data including personal information, financial information, and credentials. Smishing also aims at laundering money from victims

In Smishing, scammers send phishing messages via an SMS text that includes a malicious link. The phishing messages trick recipients into clicking the malicious link, which redirects them to a phishing page where personal information is harvested.

Example of Smishing - Lucky Draw campaign

In February 2019, a new smishing campaign targeted Indian Nokia owners stating that they have won a lucky draw. This smishing campaign purported to be from ‘Nokia.com online shopping Pvt Ltd.co’ and claimed that the recipient has won either a Tata Safari or 1,260,000 Indian rupees. The phishing message then urged the recipients to pay Rs. 6,500 in order to claim the prize.

What is Vishing?

Vishing, also known as Voice phishing is a type of criminal phone fraud that uses voice messages to obtain personal information or money from victims. Vishing uses automated voice recordings to lure victims.

In Vishing, an automated voice call stating that the recipients’ bank account has been compromised is sent. The voice message then asks the recipient to call a specified toll-free number. Once users call to that toll-free number, the user’s bank account number and other personal details are harvested via the phone keypad.

Examples of Vishing - Vishing against Singapore Airlines

A vishing campaign against Singapore Airlines was observed by researchers. The campaign made voice phone calls to Singapore Airlines customers and stated that they’ve been selected for a draw or have won air tickets. The voice message then requested the personal and financial information from the recipients.

How to stay protected?

• It is highly recommended to never click on any links in text messages that are from unknown sources.
• Never respond to any text messages asking for personal information.
• Experts recommend not to call back to the phone number given in a text message or voicemail.
• It is always best to verify the legitimacy of the source before responding to text messages or voice calls.
• Security researchers recommend implementing good verification software that identifies spam numbers.