Today, businesses face a wide range of threats from cybercriminals, including phishing, vishing, smishing attacks. What exactly do these terms mean, and what protection strategies should modern businesses take?
In this blog, we will discuss:
Phishing, vishing, and smishing are all methods used by cybercriminals to trick individuals into divulging personal information, often leading to identity theft or financial loss, both for the individuals, and often for a business/brand that is involved.
Phishing typically involves fraudulent emails that trick victims into clicking on malicious links. These links often lead to fake forms that ask for sensitive information, such as usernames, passwords, or account numbers. These attacks almost always use a common brand — think Amazon, FedEx, or your bank — to make the email seem more legitimate. However, this of course causes reputational, financial, and legal damage to the businesses requiring protection strategies.
Vishing, on the other hand, involves fraudulent phone calls or voicemails. (One way to think about it: the “V” was added to phishing to indicate “voice phishing”). Cybercriminals often use pre-recorded robocalls — and skyrocketing now are AI impersonations — to impersonate legitimate companies and solicit personal information from victims. They will often claim they are from a known brand, tell you there’s an issue, then ask for your name, address, driver's license number, social security number, or credit card information. This information is used to defraud the victim, again harming the business’ brand.
Smishing is similar to phishing, but it involves fraudulent text messages. (Think of this terms as “SMS Phishing” — aka “smishing”) These messages often contain malicious links that, when clicked, can lead to the installation of malware on the victim's device or direct the victim to a form used to steal their information. Once again, businesses are seeking protection from these types of attacks, as they are causing damage to brands big and small.
In chart form, that looks like this:
Threat |
Method |
Description |
Phishing |
Emails |
Cybercriminals send fraudulent emails, supposedly from a known brand. These seek sensitive information, such as usernames, passwords, or account numbers. |
Vishing |
Phone calls or voicemail |
Aka Voice Phishing. Pre-recorded robocalls (or even AI voices) impersonate legitimate companies and solicit personal information from victims. |
Smishing |
Text messages |
Aka SMS Phishing: phishing, but using fraudulent text messages. Can lead to the installation of malware on the victim's device or direct the victim to a form used to steal their information. |
The Rising Threat: Key Statistics And Real World Examples Of
The threat posed to businesses from vishing, phishing, and smishing attacks is real and growing. According to a report on CyberTalk, around 83% of businesses reported experiencing phishing attacks in 2018. Furthermore, in 2021, the Federal Trade Commission noted more than 2.8 million fraud reports, many of which were the result of phishing, vishing, or smishing attacks. Of those, more than $2.3 billion in losses were related to imposter scams — a sharp jump of more than double the prior year.
Real-world examples of these attacks abound. For instance, in 2021, cybercriminals impersonated Elon Musk to defraud investors out of more than $2 million over a six-month period — and it’s suspected that this figure is significantly underreported.
In another case, a Dutch mobile security company found that a caller claiming to be from an Italian bank instructed victims to install a “security app.” However, this app was actually malicious software that granted scammers remote access for financial fraud. Even worse, the sophisticated scam could gain access to all inbound SMS messages, thereby defeating 2-factor authentication by text messages.
Attacks such as this are expected to rapidly become more sophisticated as AI tools are implemented by cybercriminals.
Protecting Your Business: Steps To Take
In the face of phishing, vishing, and smishing threats, businesses can take several proactive steps to protect themselves:
For more information on how to protect your brand from vishing, check out our previous article here.
YouMailPS solutions offer several benefits. They can detect and eliminate imposter traffic, leveraging billions of data points from their consumer protection services. In addition, their ten years+ experience in protecting is invaluable. YouMailPS’ patented detection technology leads the industry, often used as a reference by the FCC. They help manage risk, fraud detection and response, protecting your customers, brand reputation, communication equipment, and more.
Don't let your business fall victim to vishing, phishing, or smishing attacks. Contact YouMailPS for a no-obligation demo >