Cybercriminals and scammers are constantly expanding and improving tools and tactics to manipulate people into giving confidential, sensitive, or financial information. Phishing has been used by criminals for over 20 years! The tactics used in phishing, which is perpetrated via email, have now evolved and are appearing via SMS (text), referred to as SMShing, and phone (voice), referred to as Vishing.

In phishing attacks, as well as SMShing and Vishing attacks, criminals attempt to fool victims into giving them financial information, confidential information, or unauthorized access to systems via malware and other nefarious means. The emails, calls, and text messages often impersonate reputable companies or trustworthy peopleto trick victims. In 2018, phishing was used in 93% of data breaches, and phishing attacks increased by 250%. The average person will receive multiple phishing emails per week! Vishing and SMShing are also on the rise.

How to spot phish, vish, or SMSh

It is critical for you to know how to spot these scams! Criminals often appeal to common emotional triggers to manipulate victims. Be on the lookout for these triggers.

Someone's demanding immediate, urgent action -- "Your entire account will be deleted in half an hour unless you update your credit card information."
The phishing email has spelling, grammatical or punctuation mistakes; it was sent from a weird return address; or the vishing scam caller doesn't speak proper English.
You're asked for your PIN. No bank, government agency, police department, or legitimate entity will ever ask for your PIN or other confidential information without clear cause.
You need to give sensitive data to claim money or prizes: "We're offering cash rebates to valuable customers such as yourself, so if I could just verify your credit card information..."
You're hurried along without being given time to think or ask questions. Hustlers know that people do riskier things when they're worried or rushed.

How to protect against phish, vish, and SMSh

Make sure to think before you interact with suspicious email, calls, or texts. Here are additional tips to identify phishing emails, vishing calls, or SMShing texts

Unfamiliar or illegitimate email addresses or phone numbers. For vishing, it is always best to let unfamiliar calls go to voicemail. It is easier to identify scams without the pressure to respond immediately. If the message is legitimate and you are still concerned, call back using the company’s published customer service number.
Generic greeting/salutations. Anyone emailing, calling, or textingyou in relation to your personal, financial, or confidential information should know your name!
Suspicious links or attachments in emails or textmessages. This is a red flag for phishing or SMSihing. Hover over links to determine if the link is directing you to the correct site, and avoid interacting with unexpected attachments that could hide malware.
Grammatical or spelling errors. Sloppy composition or speech can be a sign of phishing, SMShing, or Vishing.

Not being tech savvy doesn't mean you're a sitting duck. Effective phishing, SMShing, and Vishing protection relies mostly on common sense. Don't allow yourself to be rushed, verify anything suspicious, and remember that if it sounds too good to be true, it probably is.