Phishing
Phishing is a broad term for cyberattacks that use social engineering to trick victims into paying money, handing over sensitive information, or downloading malware.
Phishing attacks are fraudulent emails, text messages, phone calls or websites designed to trick users into downloading malware, sharing sensitive information or personal data (e.g., Social Security and credit card numbers, bank account numbers, login credentials), or taking other actions that expose themselves or their organizations to cybercrime.
Phishing is the most common type of social engineering, the practice of deceiving, pressuring or manipulating people into sending information or assets to the wrong people.
Social engineering attacks rely on human error and pressure tactics for success.
The attacker typically masquerades as a person or organization the victim trusts—e.g., a coworker, a boss, a company the victim or victim’s employer does business with—and creates a sense of urgency that drives the victim to act rashly.
Hackers and fraudsters use these tactics because it’s easier and less expensive to trick people than it is to hack into a computer or network.
Successful phishing attacks often lead to identity theft, credit card fraud, ransomware attacks, data breaches, and huge financial losses for individuals and corporations.
Smishing and vishing are two kinds of phishing attacks that hackers can use on their victims.
The main difference between the types of phishing attacks is the medium used to carry them out. In smishing attacks, hackers target their victims exclusively through text messages or SMS, whereas in vishing attacks (short for “voice phishing”), hackers use voice communication such as phone calls and voicemails to pose as legitimate organizations and manipulate victims.
Smishing
Smishing is a social engineering attack that uses fake mobile text messages to trick people into downloading malware, sharing sensitive information, or sending money to cybercriminals.
The term “smishing” is a combination of “SMS”—or “short message service,” the technology behind text messages—and “phishing.”
Smishing, also known as SMS phishing, is a phishing attack carried out over mobile text messaging.
Smishing attacks are similar to other types of phishing attacks, in which scammers use phony messages and malicious links to fool people into compromising their mobile phones, bank accounts, or personal data. The main difference is the medium. In smishing attacks, scammers use SMS or messaging apps to conduct their cybercrimes rather than emails or phone calls.
Some examples of smishing scams: pretending to be a financial institution, pretending to be the government, pretending to be customer support, pretending to be a shipper, pretending to be a boss or colleague, pretending to text the wrong number, pretending to be locked out of an account, pretending to offer free apps, etc.
Vishing
In a vishing attack, threat actors or “vishers” use fraudulent phone numbers, voice-altering software, and other social engineering tactics to entice people to divulge personal and sensitive information over the phone.
Advanced vishing attacks exploit Voice over Internet Protocol (VoIP) technology to create fake phone numbers and spoof the caller ID so that the call appears to come from a legitimate company or institution. VoIP makes it easy for vishers to automate hundreds of scam calls over the internet, and these numbers are hard to trace.
Some examples of common vishing scams: credential vishing, government impersonation, corporate extortion, and telemarketing scams.