Smishing and vishing: How cybercriminals use phone calls and texts to scam you
Phishing attacks are among the most prevalent cyber threats, and criminals continuously refine their tactics to exploit unsuspecting victims. Various methodologies such as phishing, smishing, and vishing are employed by scammers to deceive individuals into revealing personal information.
In this article, we’ll explain what vishing and smishing are, how they work, and how you can protect yourself from falling victim to these scams.
What is phishing scams?
Phishing scams are cyber attacks in which scammers trick victims into clicking on malicious links or downloading harmful attachments, often delivered through emails. The goal is to steal private information such as usernames, passwords, or financial details.
A typical phishing email may claim that your bank account has been compromised, urging you to click on a link to regain access. However, this link leads to a fake website designed to harvest your credentials. Once criminals obtain this data, they can access your accounts, steal money, or sell your information on the dark web.
While phishing is commonly associated with email, cybercriminals have expanded their tactics to include vishing and smishing – two increasingly widespread forms of attack. Want to dive deeper into phishing scams and how to protect yourself? Read our full guide on phishing attacks.
What is vishing?
Vishing (voice phishing) is a form of phishing that occurs via phone calls, commonly referred to as vishing attacks. Scammers pose as representatives from legitimate organizations – such as banks, government agencies, or tech support – to extract personal information from victims.
How vishing attacks work
Scammers often use pre-recorded robocalls or live calls as part of a phishing attack to manipulate victims into revealing sensitive data. Some common vishing tactics include:
-
Fake bank alerts: You receive a call claiming suspicious activity has been detected on your account. The caller asks for your account number or card details to “verify your identity.”
-
IRS or tax fraud scams: A caller claims you owe back taxes and must pay immediately to avoid legal consequences.
-
Tech support scams: Someone posing as a Microsoft or Apple technician claims your computer is infected and requests remote access.
-
Fake lottery or prize calls: You are informed that you have won a prize, but you must first provide personal details to claim it.
The danger of voice recordings
Some vishing scammers record calls and trick victims into saying "yes." This recording can then be used to authorize transactions or impersonate the victim in other interactions.
What is smishing text message?
Smishing (SMS phishing) is a phishing scam that uses text messages instead of emails. These messages often contain a fraudulent link or requests for sensitive information.
How smishing works
Smishing messages typically appear urgent, pressuring the recipient to take immediate action. Common smishing scams include:
-
Fake bank notifications: You receive an SMS claiming unusual activity on your bank account, urging you to click a link to verify your details.
-
Delivery scams: A message states that a package could not be delivered and provides a link to reschedule, leading to a phishing site.
-
COVID-19 scams: Fraudulent messages claim to offer government relief payments, vaccine appointments, or test results in exchange for personal information.
-
Subscription scams: A message informs you that a subscription is about to expire and directs you to a site to update your payment details.
Clicking on a smishing link can lead to malicious websites that steal your information or install malware on your device.
The rise of smishing attacks
Phishing scams, including smishing attacks, have increased dramatically in recent years. According to the Federal Trade Commission (FTC), U.S. consumers lost over $86 million to fraudulent text messages in 2020 alone. Cybercriminals are increasingly using smishing not only against individuals but also against businesses to gain access to sensitive company data.
How cybercriminals exploit phone calls and text messages
Cybercriminals are becoming increasingly sophisticated in their methods of scamming individuals through phone calls and text messages. These scams can take many forms, but they often involve tricking victims into revealing sensitive information or installing malicious software on their devices.
One common tactic used by cybercriminals is to send text messages that appear to be from a legitimate company, such as a bank or government agency. These messages may claim that the victim’s account has been compromised or that they need to take immediate action to avoid a penalty. The message may include a link to a fake website or a phone number to call, which can lead to the victim revealing personal or financial information.
Phone calls can also be used to scam individuals. Cybercriminals may use spoofing technology to make it appear as though the call is coming from a legitimate source, such as a well-known company or government agency. The caller may claim to be a representative of the company and ask the victim to provide sensitive information or install software on their device. Understanding how spoofing works can help you recognize and avoid these deceptive tactics. Dive into our guide on spoofing and how to protect yourself.
It’s essential to be aware of these tactics and to take steps to protect yourself from falling victim to these types of scams. This includes being cautious of unsolicited phone calls and text messages, verifying the authenticity of the sender before providing any information, and keeping your devices and software up to date with the latest security patches.
How to protect yourself from vishing and smishing
To avoid falling victim to a phishing attack, including vishing and smishing, follow these essential cybersecurity tips:
What to do if you’re a victim of smishing or vishing
If you suspect that you have fallen victim to a smishing or vishing scam, acting quickly can help minimize the damage and prevent further harm. Follow these essential steps to protect yourself:
1. Contact your bank and credit card providers
Immediately inform your bank and credit card companies about the incident. They can help secure your accounts, freeze transactions, and prevent unauthorized access to your funds.
2. Place a fraud alert on your credit report
Notify the three major credit bureaus to place a fraud alert on your credit report. This can help detect and prevent identity theft by alerting you to any suspicious activity on your accounts.
3. Freeze your credit report for extra security
Consider freezing your credit report with the major credit bureaus. This prevents cybercriminals from opening new accounts in your name and adds an extra layer of security to your financial identity.
4. Report the incident to authorities
File a report with the Federal Trade Commission (FTC) and your local law enforcement agency. They can investigate the scam and provide guidance on additional protective measures.
5. Change your passwords and security questions
Update the passwords and security questions for all your important accounts. This helps prevent further unauthorized access and strengthens your account security.
By taking these steps, you can limit the impact of a smishing or vishing attack and reduce the risk of future scams.
Enhance your digital security with My Digital Self-Defense
To stay ahead of cybercriminals, consider using the My Digital Self-Defense app. This free tool provides:
-
Updates on the latest phishing, vishing, and smishing threats.
-
Guidance on identifying and avoiding online scams.
-
Steps to take if you suspect your personal data has been compromised.
Available for both iOS and Android, the app is a simple yet powerful way to improve your cybersecurity awareness and protect yourself from fraud.
Final thoughts
Vishing and smishing are rapidly growing threats that exploit human trust and urgency to steal personal information. By staying informed, exercising caution, and using security tools like My Digital Self-Defense, you can significantly reduce the risk of falling victim to these scams.
Always remember: If something feels off, take a step back, verify the information, and never share personal details with unsolicited callers or messages. Cybersecurity starts with awareness and vigilance.
This post has been updated on 19-03-2025 by Sarah Krarup.

Sarah Krarup
Sarah studies innovation and entrepreneurship with a deep interest in IT and how cybersecurity impacts businesses and individuals. She has extensive experience in copywriting and is dedicated to making cybersecurity information accessible and engaging for everyone.
View all posts by Sarah Krarup