Skip to Content

Back to Blog

Phishing, Vishing, and Smishing: What They Are and How to Avoid Getting Hooked

You’ve probably heard the term phishing before—but what about smishing or vishing? These aren’t just strange-sounding words. They’re real forms of fraud that are becoming more common, more convincing, and more dangerous.

Here’s what you need to know to stay safe.

Phishing

What it is: Phishing is when scammers send fake emails pretending to be from legitimate companies (like your bank, credit union, or a retailer). These emails often contain urgent messages—like a claim that your account is locked or your payment failed—with a link to “verify your information.”

How to spot it:

  • The email address looks suspicious or doesn’t match the company.
  • There are spelling/grammar errors.
  • It asks you to click a link or download an attachment.
  • It creates urgency to make you act quickly.

How to stay safe:
Never click on links in an email you weren’t expecting. Instead, log in directly through the official website or app. When in doubt, contact the company directly using a trusted number.

Smishing

What it is: Smishing is the text message version of phishing. You might get a message that says “Your account has been locked” or “Click this link to claim your prize!”

How to spot it:

  • The message is from a number you don’t recognize.
  • It includes suspicious links or shortened URLs.
  • It tries to get personal or financial information via text.

How to stay safe:
Never reply to these texts or click on the link. Block the number and report it as spam. If it appears to come from your financial institution, call them directly to verify.

Vishing

What it is: Vishing (voice phishing) is when a scammer calls you pretending to be from a trusted source—like your credit union, a government agency, or tech support—to get your personal information.

How to spot it:

  • The caller asks for sensitive information like your Social Security number, PIN, or online banking password.
  • They may threaten legal action, fines, or account closure.
  • Caller ID may be spoofed to look legitimate.

How to stay safe:
Hang up and call the organization back using an official number. Don’t give out any information unless you initiated the call.

Quick Tips to Protect Yourself

  • Don’t share personal or financial information via email, text, or phone.
  • Enable two-factor authentication on accounts when possible.
  • Monitor your accounts regularly for suspicious activity.
  • Trust your gut—if something feels off, it probably is.