Texts and phone calls can be used maliciously to facilitate theft and fraud. 'Vishing' calls try to alarm recipients into making payments or providing important financial information. 'Smishing' texts may additionally try to entice their target to click on malicious links, activating trojan viruses which can steal passwords and other high-value data.
Phishing phone calls ('vishing') and scam texts ('smishing') are common attacks, designed to trick targets into divulging personal information that can be used for theft or fraud. Both vishing and smishing are cheap, and require little technical knowledge.
Many vishing campaigns are high volume, using auto-dial and broadband calling to contact thousands of potential victims per hour. They try to drive fear-based responses: for example, a spurious bank call-back service which pretends to alert the victim to bank account fraud, then requests detailed card information on response.
Then targeting organisations, attackers often impersonate a senior employee requiring urgent assistance. They may pretend to be in a rush, in an attempt to take control of the conversation.
Smishing has begun to overtake vishing in popularity. With many victims still unused to receiving spam texts – and the growth of text banking – it currently enjoys a higher success rate.
Smishing texts typically request urgent action, which often means clicking on a malicious link that in turn enables data theft. Spam filters stop many phishing emails from reaching inboxes, but no mainstream solution yet exists to prevent texts from reaching their intended target.