Summary of Phishing, Smishing, and Vishing Scams SEC Alert

The SEC is responsible for educating investors about the common ways fraudsters and scammers use to obtain funds.

Phishing, smishing, and vishing are forms of financial fraud. The fraudster tries to trick you into sharing sensitive financial and personal information.

The difference between the three scams is the platform the fraudster uses.

1. Phishing

Phishing involves targeting customers using fraudulent emails. The email asks you to click on a link to a fake website that’s identical to your bank’s website.

It can also have an attachment with malicious software that downloads to your device when you click on it. The mails can also bait you using fake promos that your bank supposedly has.

Some tricks fraudsters use to make the emails appear real include:

• Names of existing people, government agencies, or companies

• Email addresses with the name of a real company or government agency

• Realistic logos and graphics

• Polished legal references and fine print

The emails try to communicate a sense of urgency using messages such as:

• Claims about account closure if you fail to update your account details

• Notifications about suspicious activity that requires you to verify your information

• Claims about issues with your payment information or account

2. Vishing

Vishing involves targeting customers via phone calls to try using information they acquired online.

The fraudsters steal sensitive information through phishing and then trick you into sharing a pin or SMS password to authorize an operation.

They claim to be your bank's employees and use alarming information to get you to share the information they need to complete transactions.

3. Smishing

Smishing involves targeting customers via direct messages, SMS, or WhatsApp on social media platforms.

The fraudsters posing as your bank send you notifications to alert you about a suspicious transaction on your credit card.

The message requests you to contact your bank and shares a fake number. Once you call the number, the fraudster asks for confidential information to help you cancel the transaction.

The message can also contain a link to a fake website that will ask you to fill in the confidential information.

What Kind of Information Do the Scammers Look for and Why?

Fraudsters steal your information to access your personal, financial, or email accounts. They require information like:

• Confidential information, including your license or passport number and Social Security number

• Financial, investment, and bank account numbers

• ATM PINS

• Usernames, passwords, and security codes for online banking

Protection Tips

• Avoid sharing confidential or sensitive information via random phone calls, emails, or texts

• Avoid replying to suspicious emails or messages and never click on attachments or hyperlinks in the messages

• If you get an email or message that looks to be from your bank, financial, or investment firm, contact them through the number you already have to verify the information

• Delete such communication immediately

• Activate multi-factor authentication for any online financial or investment accounts

• Install or download security software on all your devices

Protection Tips against Phishing

• Sign up to the Do Not Call Registry, so you have a choice to accept or decline telemarketing calls

• Avoid answering calls from unknown numbers and verify any new numbers on your voicemail before calling back

• If you answer a suspicious call, don't follow their instructions and hang up immediately

• If you get duped into a scam, contact your financial provider or bank immediately and change all the passwords to your online accounts