Fraudulent phone numbers and SMS or vishing and smishing. How to recognize them?

Chapters of the article

• What is vishing and smishing?
• Who are the scammers imitating?
• How to know if it is a scam?
• Also beware of phone number spoofing
• How to protect yourself from scam calls and texts?
• Summary

What is vishing and smishing?

Both terms derive from phishing. Phishing is a cyber scam in which attackers try to obtain your sensitive information, such as usernames, passwords, credit card numbers, etc. They use fake websites and emails that look like legitimate messages and websites from trusted institutions (such as your bank).

Vishing or voice phishing is then a fraudulent phone call. Again, scammers mimic legitimate institutions to obtain sensitive data. Smishing or SMS phishing is very similar to vishing, but instead of phone calls, scammers use text messages (SMS).

Who are the scammers imitating?

Banks and financial institutions

Fraudsters pose as bank employees and claim that there has been suspicious activity on your account or that your security information needs to be updated. In doing so, they ask you to confirm your personal and banking details or offer to help you resolve the alleged problem.

Technical support

Scammers pose as a tech support company, such as Microsoft or Apple, and claim that your computer has been infected by a virus or has some other technical problem that needs to be fixed as quickly as possible. They therefore offer to help fix the fake problem and often demand remote access to the device or payment for fake services.

Government institutions

Fraudsters pose as representatives of various government institutions, such as the Czech Social Security Administration. For example, they claim to have unresolved issues or debts and threaten legal consequences if their demands are not met immediately.

Delivery services

Scammers send messages that mimic notifications from delivery services such as UPS, DHL or the Czech Post, claiming that you need to confirm delivery or change the details of the parcel. The message contains a link to a fake website that asks for your personal details or payment.

Mobile operators

Scammers send messages that look like they are from mobile operators, claiming you need to update your account or pay a bill. The message contains a link to a fake website that looks like the mobile operator’s website.

Social networks and online services

Scammers may pose as representatives of social networks (e.g. Facebook, Instagram) or online services (e.g. Netflix, Amazon) and claim that login details need to be confirmed or that there has been suspicious activity on the account. The message contains a link to a fake login page that asks you to enter your login details.

E-commerce and payment services

Fraudsters may mimic well-known e-commerce platforms (such as eBay, Amazon) or payment services (such as PayPal) and claim that you need to confirm a transaction or your credit card details. The message contains a link to a fake website that looks like the official website of the e-commerce platform or payment service.

How do I know if it is a scam?

• Urgency and threat: Scammers often use tactics that cause stress and force you to act quickly. They claim that if you don’t take certain steps immediately, there could be serious consequences, such as legal problems or loss of money.
• Request for sensitive information: Legitimate institutions will not ask you to give sensitive information (e.g. passwords, credit card numbers) over the phone or via text message, including a link to their website.
• Request to install software: If someone asks you to install remote access or other software, don’t do it. Legitimate tech support won’t ask you to do this, and they won’t even call you in the first place on their own.
• Grammar: Fraudulent messages usually contain grammatical errors, typos, or use otherwise unusual language. This is definitely not something you will encounter with a legitimate institution.

How to spot a fraudulent site?

Smishing takes you from a link in an SMS to a fraudulent website that tries to mimic the official site. You won’t be able to tell the difference at first glance, so you need to engage your inner detective and investigate the clues:

• URL: Fraudulent sites often use URLs that are very similar to the legitimate site, but contain minor typos or unusual domain endings (e.g. cs0b instead of csob). They also often contain extra text that the legitimate site does not have (e.g. csob.overeniidentity).
• Page design and content: fraudulent pages often contain grammatical errors, typos, etc. They also have poor quality or blurry images and graphics. It also usually lacks a lot of information such as contact information, privacy policy, etc.
• Suspicious page behavior: the page may load slowly, contain broken links, or otherwise have unusual behavior.

Also beware of phone number spoofing

Also related to vishing and smishing is so-called spoofing. This is a technique in which an attacker uses the official phone number of an institution. In this way, they increase the likelihood that you will answer the call and trust the caller, or open a link in an SMS message.

How to protect yourself from fraudulent calls and SMS?

• Detailed questions: if you suspect a scammer, ask for specific information that the scammer may not know. For example, you can ask if they know who they are calling and what your account number is.
• Verify the information: If you receive a suspicious call or message, contact the institution using the official contact details (e.g. the phone number from the bank’s website). They will confirm if it is indeed their employee.
• Do not provide sensitive information: Never provide sensitive information over the phone or by text message. The bank will never ask you for your password, credit card number or similar easily misused information.
• Block suspicious numbers: If you receive suspicious calls or messages, block the number immediately so that fraudsters cannot contact you again.
• Don’t click on suspicious links: If you receive a text message with a link, don’t click on it. Check the web address and enter it manually into your browser.

Summary

Fraudsters often impersonate trusted institutions such as banks, tech support, government agencies and delivery services to increase their credibility. It is important to be vigilant and recognize warning signs such as urgent requests, grammatical errors and suspicious links. To protect against these scams, it is recommended not to provide sensitive information via phone or SMS, block suspicious numbers and verify information directly with the relevant institutions.