Smishing and Vishing: Quick Guide to be Alert

Smishing and Vishing are the most critical attacks on which cybercriminals work on. Let’s see them one by one with relevant examples.


Smishing is a type of phishing in which somebody attempts to fool you into giving them your private data through a telephone call or SMS message.

It is a combination of SMS and Phishing. (Do you want to know about Phishing?)

Smishing is turning into a developing and promoting risk in the realm of online security.


Texting is the most common practice for humans. Everyone communicates through mobile with text messages and calls.

A survey says that especially those who are aged between 18 and 24 send more than 2022 texts per month – on an average that’s 67 per day- and receive 1831.

Many people assume that smartphones are more secure than computers.

However, smartphones have their own limitations.

Particularly, they struggle with the smishing issue.

So, What is the remedy?

Smishing SMS’s work on a cross-platform.

Yes, People use smartphones as they move and they may read text messages in a hurry and respond fast.

Because of the distractions caused on their work, they may respond immediately to the bank related messages to get rid of them.

Hence, this becomes one of the risk factors for giving sensitive information to cybercriminals.

How does Smishing work?

Let’s see one of the real-time examples.

The figure below shows an SMS, which was received on 22nd June 2020. It is a fake SMS, and the given link is a fake URL as well. When one clicks the link, hacking starts there.

Smishing Example

The SMS says “Congratulation; your number is selected for this much amount.” A link is also provided to click on. But it may lead to a fake site.

The SMS itself is fake. This way, cybercriminals act intelligently.

It is possible to prevent ourselves from becoming a victim of this type of attack.

Before seeing the tips of how to protect ourselves from Smishing, let’s see one more related attack of Phishing, called Vishing.

How does Vishing work?

Vishing is a combination of voice and Phishing.


Vishing attacks use a tricky Caller ID. The call looks like it comes from a known number, or it starts with the digits 800.

Vishing often uses VoIP technology to call.

Another one risky method Cybercriminals follow in Vishing is that they may post their numbers in social media.

For example, the posts like “We are here to repair your computers, call this toll free number” may appear on social media. When you call, one person speaks in a pleasant voice, and he acts like more than willing to help.

But once the payment for the repair work is done, the call will get disconnected, and you can never contact them after that.

Callers masquerade as Policemen, Technicians, Bankers, Tourist travel agencies, Executives, Business Partners, or Software professionals from companies like Intel.

One of the real-time examples is given below, Anand Kalyanaraman Says,

In the Year 2019, a person lost 23 lakhs to Cyber Fraud.  A fraudster, posing as a bank manager, duped Kaur through a mobile phone call. The fraudster asked for victim’s bank account details on the pretext of wanting to deposit her salary.

 He eventually managed to get her account number, ATM pin, Card Verification Value (CVV) number and a One Time password (OTP), reports say.

Soon, Victim got an SMS alerting that ₹23 lakhs was debited from her account. The accused was reportedly arrested.

Hence, it’s high time that we learn how to avoid Smishing and Vishing.

Tips to avoid Smishing

  1. If the text message is from an unknown number, and if it urges you to give a quick reply, then it is the sign of smishing. Don’t respond.
  2. Find the time when the unknown message was sent. If it was sent in an unusual time, then it is the sign of Smishing.
  3. Don’t click the link of concealed messages.
  4. Never call back the number that is associated with the text that you do not know.
  5. Don’t reply to the messages which asked your personal data.
  6. Don’t believe any text that says, “Congratulations, you are the Winner for your Phone Number and redeem your prize on or before this date”. Neither respond to it, nor click the link given to redeem your points.
  7. Be aware of the text’s message number, which is not the phone number, for example, starting with “5000” etc. It is a Smishing message. You can’t trace the sender.
  8. Never provide any sensitive information over an SMS or WA msg or Phone Call.
  9. If the SMS says that it’s from a person known to you and asks for personal or sensitive data, call the person in the number which you have stored in your Contacts and find whether he/she requested your data. Don’t call the number in the SMS.
  10. No financial organization or Bank will ask you to update the account information or confirm your ATM number through SMS. If you receive a text message like this, immediately you should enquire the bank or the respective financial organization.

Tips to avoid Vishing

  1. Do not provide any personal information over the phone to an unknown person.
  2. Be aware of any caller who asks you to share login information over the phone. Don’t give the details.
  3. Never share your Credit card Number (PIN), Card Verification Value (CVV) and One Time Password (OTP) with the unknown calls. Bank personnel never ask that type of information over the phone. If you receive calls like that, immediately report to RBI.
  4. If you hear a confident voice on the other end of the phone line which says that they are calling from RBI, a Card Company or from such financial organizations, don’t respond to the call. Just disconnect the call and ignore it.
  5. Some cybercriminals combine vishing and phishing.  It starts with the Phishing Email, which says that there is a problem in renewing your account and you need to call this number for account verification. Do not call such numbers.
  6. Sign up for the National Do not call registry. The National Do not call registry tells how to stop unwanted sales calls. But beware, the scammers always find a way to ignore the registry also.
  7. Report these types of attacks to FCI to prevent others.

These are essential tips to avoid Smishing and Vishing.

Hence, such messages or calls have to raise a spam flag. Just disconnect and ignore them. Report to the concerned departments immediately.

In Closing..

We have discussed two types of attacks, namely, Smishing and Vishing. Be alert and live a safe life without any losses caused by such tricks.