How do phone and text scams work?

Phishing phone calls ('vishing') and scam texts ('smishing') are common attacks, designed to trick targets into divulging personal information that can be used for theft or fraud. Both vishing and smishing are cheap, and require little technical knowledge.

Many vishing campaigns are high volume, using auto-dial and broadband calling to contact thousands of potential victims per hour. They try to drive fear-based responses: for example, a spurious bank call-back service which pretends to alert the victim to bank account fraud, then requests detailed card information on response.

Then, targeting organizations using techniques similar to business phishing, attackers often impersonate a senior employee requiring urgent assistance. They may pretend to be in a rush, in an attempt to take control of the conversation.

Smishing has begun to overtake vishing in popularity. With many victims still unused to receiving spam texts – and the growth of text banking – it currently enjoys a higher success rate.

Smishing texts typically request urgent action, which often means clicking on a malicious link that in turn enables data theft. Spam filters stop many phishing emails from reaching inboxes, but no mainstream solution yet exists to prevent texts, including fake bank texts, from reaching their intended target.

Phishing business risks

  • Data theft (or encryption for ransom)
  • Fraudulent internet banking redirection
  • Financial theft
  • Identity fraud

How can I defend my business against vishing and smishing?

Learning best practices on how to spot phishing and smishing is crucial when protecting your business against cybercrime. Phishing phone calls and scam texts are common attacks that target personal information that will put your business at risk. Learn how you can defend your business today.

  • Raise awareness of the potential impact of vishing/ smishing on your business, discuss how to prevent phone scams, and implement a policy for reporting suspected cases.
  • Train staff never to share financial or company information with unverified callers.
  • Learn to spot suspicious calls and text, and never:
    • be rushed into making a quick decision in response to an urgent request.
    • provide personal or financial information over the phone.
    • use numbers provided by the caller or in the text, in preference to known contact numbers.
    • click on a link in a text you were not expecting.
  • Where a vishing call is purporting to come from a member of staff, there can be several give-away signs:
    • The caller refers to the organization by name on a supposedly internal call.
    • The call is made to the UK from one country, for information on another.
    • The caller instructs the recipient on using internal systems to provide information.

Find out more about Protecting Your Business

 Cartoon of person sitting at a desk working on a laptop

Need help?

As the leading international bank in the U.S., we connect customers to opportunities and enable them to thrive