Phishing phone calls ('vishing') and scam texts ('smishing') are common attacks, designed to trick targets into divulging personal information that can be used for theft or fraud. Both vishing and smishing are cheap, and require little technical knowledge.
Many vishing campaigns are high volume, using auto-dial and broadband calling to contact thousands of potential victims per hour. They try to drive fear-based responses: for example, a spurious bank call-back service which pretends to alert the victim to bank account fraud, then requests detailed card information on response.
Then, targeting organizations using techniques similar to business phishing, attackers often impersonate a senior employee requiring urgent assistance. They may pretend to be in a rush, in an attempt to take control of the conversation.
Smishing has begun to overtake vishing in popularity. With many victims still unused to receiving spam texts – and the growth of text banking – it currently enjoys a higher success rate.
Smishing texts typically request urgent action, which often means clicking on a malicious link that in turn enables data theft. Spam filters stop many phishing emails from reaching inboxes, but no mainstream solution yet exists to prevent texts, including fake bank texts, from reaching their intended target.