What is smishing and vishing?

Like email phishing, "smishing" and "vishing" refers to phishing attempts via SMS (text) and Voice, respectively. Here also, cybercriminals may leave text messages or voice messages purporting to be reputable companies to get you to share your personal information. Or they may try and call you directly and speak to you. Using high-pressure tactics, they may try and get sensitive information such as your bank and credit card details.

Examples include

• Representing a government authority (e.g., the Internal Revenue Service or Immigration), threating to do so something unless you act immediately.
• Claiming to be tech support to "fix" a virus on your computer.
• Making an attractive offer saying that you've "won" something like a vacation package, or incenting you to buy something cheap.
• Asking you to donate to a fake organization for some cause, usually soon after a disaster.
• Pretending to be your friend, to get you emotionally or romantically involved. 

Seniors are especially vulnerable to such scams.

In a single word, NO! Even if you recognize the caller or text to be a scam, do not answer or reply to the text. By doing so, you are confirming your phone number to be a valid number. This itself is valuable information for a bad actor. Also, when you speak to a hacker, your voice may be recorded without your knowledge and later misused. For example, if you respond "Yes" to something, that positive response could be used to mimic your voice to authorize a fraudulent financial transaction. So, while it is tempting to respond, please do not do so.

A recent trend is where a criminal will send you an innocent looking text message as if they are trying to reach someone and got you by mistake. For example, "Hi Jack, haven't heard from you recently. Hope you are doing ok after your illness". Let's say your name is John. You might be tempted to respond saying "No, I am John. Were you trying to reach Jack"? The spammer will then try and 'reel you in' into engaging in a conversation, and eventually try and get you trapped.

In the unfortunate scenario that you have fallen victim, the important thing is to not panic but take immediate action. For example,

• Disconnect your device from the Internet to prevent it being misused.
• Immediately call your credit card companies, banks, and other financial institutions and explain what happened.
• Also report to Federal Trade Commission and your local consumer protection office.
• You may also need to file a police report.
• It also helps if you have Identity Protection; in which case you can call the service provider.

Ways to avoid becoming a victim:

• If you suspect something to be spam, don't respond to it.
• Report spam text messages.
• If you get a call from an unknown number, let it go to voicemail rather than pick it up. Additionally, you can use call screening software such as Google Voice Assistant to screen incoming calls.
• Use virus protection and spam detection software on your devices.