Summary of Phishing, Smishing, and Vishing Scams SEC Alert
The SEC is responsible for educating investors about the common ways fraudsters and scammers use to obtain funds.
Phishing, smishing, and vishing are forms of financial fraud. The fraudster tries to trick you into sharing sensitive financial and personal information.
The difference between the three scams is the platform the fraudster uses.
Phishing involves targeting customers using fraudulent emails. The email asks you to click on a link to a fake website that’s identical to your bank’s website.
It can also have an attachment with malicious software that downloads to your device when you click on it. The mails can also bait you using fake promos that your bank supposedly has.
Some tricks fraudsters use to make the emails appear real include:
Names of existing people, government agencies, or companies
Email addresses with the name of a real company or government agency
Realistic logos and graphics
Polished legal references and fine print
The emails try to communicate a sense of urgency using messages such as:
Claims about account closure if you fail to update your account details
Notifications about suspicious activity that requires you to verify your information
Claims about issues with your payment information or account
Vishing involves targeting customers via phone calls to try using information they acquired online.
The fraudsters steal sensitive information through phishing and then trick you into sharing a pin or SMS password to authorize an operation.
They claim to be your bank's employees and use alarming information to get you to share the information they need to complete transactions.
Smishing involves targeting customers via direct messages, SMS, or WhatsApp on social media platforms.
The fraudsters posing as your bank send you notifications to alert you about a suspicious transaction on your credit card.
The message requests you to contact your bank and shares a fake number. Once you call the number, the fraudster asks for confidential information to help you cancel the transaction.
The message can also contain a link to a fake website that will ask you to fill in the confidential information.
What Kind of Information Do the Scammers Look for and Why?
Fraudsters steal your information to access your personal, financial, or email accounts. They require information like:
Confidential information, including your license or passport number and Social Security number
Financial, investment, and bank account numbers
Usernames, passwords, and security codes for online banking
Avoid sharing confidential or sensitive information via random phone calls, emails, or texts
Avoid replying to suspicious emails or messages and never click on attachments or hyperlinks in the messages
If you get an email or message that looks to be from your bank, financial, or investment firm, contact them through the number you already have to verify the information
Delete such communication immediately
Activate multi-factor authentication for any online financial or investment accounts
Install or download security software on all your devices
Protection Tips against Phishing
Sign up to the Do Not Call Registry, so you have a choice to accept or decline telemarketing calls
Avoid answering calls from unknown numbers and verify any new numbers on your voicemail before calling back
If you answer a suspicious call, don't follow their instructions and hang up immediately
If you get duped into a scam, contact your financial provider or bank immediately and change all the passwords to your online accounts