As digital communication has become a part of everyday life, cybercriminals have developed new methods to trick people and steal their personal and financial information. Two common forms of cyber fraud are Vishing and Smishing.
What are Vishing and Smishing?
When a fraudster uses an internet telephone service (VoIP) to trick victims into revealing sensitive information, it is called Vishing, or Voice Phishing. Essentially, it is a variant of a phishing attack. Typically, the caller pretends to be a bank official, government representative, police officer, or customer service executive. As a result, victims may feel pressured to share confidential information. Ultimately, the goal of vishing is to steal money, identity, or both by instilling fear and creating a sense of urgency.
Smishing (SMS Phishing) is when someone uses Short Service Message (SMS) or text message to gather personal/financial information of users, for committing financial frauds. More often the text messages are fake, which makes them appear to be from authentic sources. Furthermore, the users may also get links that have malware, pretending to be a legitimate app or sending you to a fake site for collecting your information.
How Do Vishing and Smishing Attacks Happen?
Various Vishing Techniques used by the Fraudsters are:
- By spoofing the caller ID to make it appear as though the call is coming from a trusted source.
- Fraudsters often make fake calls and convince users under various pretexts, such as updating KYC details, linking Aadhaar to a bank account, claiming free gifts, lotteries, or prizes, or posing as customer service executives from banks or gas agencies.
- Another common tactic is asking users to scan a barcode or QR code under the false claim that they will receive money.
- Additionally, scammers may manipulate users into calling fake customer care numbers that have been fraudulently posted online, including on search engines.
Various Smishing Techniques used by the Fraudsters are:
- Sending a link that triggers the downloading of a malicious app.
- Linking to information capturing forms.
- Messages with Warning signs which need immediate action.
- Referrals to tech support.
Impact of vishing and smishing on Victims
The consequences of vishing and smishing can be severe. Victims can lose a lot of money from unauthorized transactions or theft from their bank accounts. Personal information like IDs and login details can get used for identity theft and other scams.
Apart from financial damage, victims often experience stress, anxiety, and a loss of confidence in digital services. In some cases, stolen information can be used repeatedly for future scams, creating long-term risks.
Prevention and Safety Measures
Safety measure to avoid Vishing are:
- Never share OTP, PIN, CVV, Debit/Credit card details with anyone.
- Do not call the numbers of service providers randomly found by google search as they can be fake numbers.
- Only use the contact numbers available on authorized websites of the institutes/organizations/banks etc.
- In case of any incident, the user should also block the card or freeze the account in case changing the password is not feasible immediately.
Safety measure to avoid Smishing are:
- Never click on any link in SMS, WhatsApp messages etc.
- Always check the link before clicking, preview the URL, and look carefully for misspelling or other irregularities.
- Enter username and password only over a secure connection. Look for the “https” prefix before the site URL, indicating the connection to the site is secure.
- Be cautious about opening any attachments or downloading files received regardless of who sent them.
- Use antivirus, anti spyware and firewall software (update them regularly too).
- Enforce multi-factor authentication (MFA).
Cyber Crime Reporting in India
The government’s National Cybercrime Reporting Portal www.cybercrime.gov.in is an initiative to facilitate reporting cybercrime complaints online. This portal works 24 x 7. To know more about reporting of a cybercrime read this blog.
Key Takeaways
Vishing and Smishing are rapidly growing cyber threats that target individuals through phone calls and text messages. Therefore, it is essential to understand how these scams operate and how to identify them. By staying alert, verifying information, and following basic cyber safety practices, individuals can significantly reduce the risk of becoming victims. Furthermore, taking a few extra moments to confirm the authenticity of a call or message can prevent serious financial and personal losses. Most importantly, staying aware, being cautious, and reporting incidents promptly are the best ways to protect oneself and help fight against cybercrime.
About the Author
This article is written by Sonali Jain, a BA LL.B. student at Bennett University, Greater Noida. She is currently interning with Project CyberShield, where she contributes to research and awareness initiatives on cybercrime and digital safety.