Phishing, Vishing, Smishing, & Pharming
Phishing, vishing, smishing and pharming are all methods used by criminals to fraudulently obtain
personal information such as a social security number, bank account
information, or credit card information. Each method has its own distinguishing
characteristics, but they all have the same goal: stealing your money.

Phishing is most commonly attempted through e-mail. A typical phishing message
will appear to be from a well-recognized company that might have a need to know
your personal information (e.g., a credit card or package delivery company). It
generally contains a link to a web site that will either prompt you for your
logon information for your account with that company (assuming you have one) or
install malicious software on your computer without your knowledge. You may
also be asked for financial information under the guise that a security
compromise has occurred and the company wants to verify your records.
Regardless of who the message appears to be from, you will notice a request for
information or action on your part. Phishers will send the same message to
hundreds or thousands of recipients knowing that many of them will blindly
click any link and provide any requested information without a second thought.

Always use the following guidelines with your e-mail to avoid falling victim
to a phishing attack.
- Look at the sender and the subject of the message. If either looks
suspicious, delete it.
- Be cautious with links contained in any message, especially those from
unknown senders. Hover the mouse over the link to check the URL. A link
claiming to take you to Amazon.com's sign-in page should probably contain
Amazon.com somewhere in the URL. If it does not, beware.
- Do not reply to messages requesting personal, sensitive information.
- Watch for spelling and grammatical errors. These are very common in
- Be extremely cautious with attachments, regardless of the sender. Files
that have extensions of .exe, .bat, .com, .vbs, .reg, .msi, .pif, .pl, .php and
.zip can all install harmful files or software on your computer if you open
- Do not be intimidated or scared into giving up information. Some phishing
attempts will try to convince you that you are at risk financially if you do
not confirm your account information. The reality is that by providing that
information, you are putting yourself at risk.
for some example messages and see the clues that indicate they are phishing
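
An added example (not from the original page) of the link and attachment checks in the guidelines above, written in Python. It accepts a link only when the URL's host is the company's domain or a subdomain of it, because a URL can contain Amazon.com somewhere and still lead elsewhere; the function names, sample message and .example host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attachment extensions named in the guidelines above.
RISKY_EXTENSIONS = {".exe", ".bat", ".com", ".vbs", ".reg", ".msi", ".pif", ".pl", ".php", ".zip"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_belongs_to(url, expected_domain):
    """True only if the URL's host is expected_domain or a subdomain of it."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)

def review_message(html_body, attachment_names, expected_domain):
    """Return findings for links that leave expected_domain and risky attachments."""
    findings = []
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        if not host_belongs_to(href, expected_domain):
            host = urlsplit(href).hostname or "(no host)"
            findings.append(f"link '{text}' leads to {host}, not {expected_domain}")
    for name in attachment_names:
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"attachment '{name}' ends in {ext}")
    return findings

# Constructed sample message: both links display the brand name, only one goes there.
SAMPLE_BODY = ('<a href="http://amazon.com.account-check.example/signin">Amazon.com sign-in</a> '
               '<a href="https://www.amazon.com/">Amazon.com</a>')
SAMPLE_ATTACHMENTS = ["statement.pdf", "statement.pdf.exe"]

if __name__ == "__main__":
    print("\n".join(review_message(SAMPLE_BODY, SAMPLE_ATTACHMENTS, "amazon.com")))
```
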

Vishing is the telephone version of phishing. Instead of e-mail messages with
suspicious links or attachments, criminals attempt to fool you into giving them
the same information in a phone call. Vishing uses social engineering
techniques to trick you into providing information that can be used to access
and use your financial accounts. For example, the fraudster may claim to be an
employee of your bank who wants to warn you of some suspect charges on your
credit card. In order to cancel those transactions, he needs you to verify your
social security number and account number. This is information your bank should
already have, so there is no need for you to provide it again. If you receive a
call like this and feel uneasy about what you are being asked for, hang up and
call the company back at a number known to be legitimate.
Sometimes criminals will become belligerent or threatening in an attempt to
intimidate you into giving them the information they want. Do not be pressured
into making this mistake.
To avoid becoming a vishing victim,
- If you receive an email or phone call asking you to call back and you
suspect it might be a fraudulent request, look up the organization's
customer service number and call that number rather than the number provided in
the solicitation email or phone call.
- Forward the solicitation email to the customer service or security email
address of the organization, asking whether the email is legitimate.

Smishing is a form of phishing that uses cell phone text messages instead of
e-mail messages. The text message will contain a URL or phone number and will
prompt you to take immediate action. If you click the URL, you face all the
same risks associated with links in a phishing e-mail. If you call a number in
the text, you may get an automated voice response system that will prompt you
for sensitive information. Always delete smishing text messages and never reply

Pharming is a tactic used by criminals to redirect a legitimate web site to a
fraudulent site. Unlike phishing and its variations, pharming does not try to
trick you into clicking a URL or talk you into providing sensitive information.
Instead, it uses malicious code to redirect you to the criminals' site
without your consent or knowledge, making it more difficult to detect. To help
avoid pharming, follow the guidelines in Protect
Your Computer. Also, be careful when entering financial information on a
web site. Look for the key or lock symbol at the bottom of the browser. If the
Web site looks different than when you last visited, be suspicious and
don't click unless you are absolutely certain the site is safe.