Phishing, vishing, and smishing

17 October 2018
message-or-email-2

Phishing (via email), smishing (via SMS), and vishing (via voice calls) are the most common cybercrime methods targeting bank customers.

Bank phishing via email

This refers to fraudulent emails that trick recipients into sharing their personal, financial, or security information.

How does it work?

These types of emails:

  • May appear identical to the type of correspondence sent by authentic banks, copying logos, layout, and the tone of real emails.
  • If you do not respond to the email, they use language that conveys urgency—for example, implying a penalty if you do not reply.
  • May ask you to download an attachment or click on a link.

Cybercriminals rely on the fact that people are busy, and at first glance, these fake emails appear to be legitimate. Therefore, recipients may take what is written in them seriously and act accordingly.

What Can You Do?

  • Keep your software updated, including your browser, antivirus, and operating system.
  • You must be especially vigilant if an email from the “bank” requests confidential information (for example, your online banking password). A legitimate bank will only communicate with you securely through your online banking portal.
  • Read the email carefully: look for inconsistencies and anything that does not make sense:
    • Look for slight differences in the sender’s address: a zero might look like an “o”.
    • Compare the sender’s email address with previous messages from your bank.
    • Check for spelling and grammatical errors.
  • Do not reply to a suspicious email; instead, forward it to your bank by typing the address yourself.
  • Do not click on the link or download the attachment; instead, type your bank’s web address into your browser.
  • Be careful when using a mobile device. It may be harder to spot a phishing attempt on your phone or tablet. With a smaller screen, it is more difficult to notice obvious errors. If it is a fake email, report it to your bank: all companies are keen to be made aware of these scams. When in doubt, call your bank.

Bank “vishing” by telephone

This is a telephone fraud in which scammers try to trick the victim into providing personal, financial, or security information, or into transferring money to them.

What Can You Do?

  • Be wary of unsolicited phone calls.
  • Take note of the number they are calling from and say that you will call back.
  • To confirm their identity, look up the company’s phone number and contact them directly.
  • Do not confirm the caller’s identity using the phone number they have given you (it could be a fake number).
  • Scammers can find basic information about you or your company online (for example, on social media). Do not assume the call is legitimate just because they have details about you.
  • Do not share your credit or debit card PIN or your online banking password. Your bank will never ask you for this information.
  • Do not comply with a request to transfer money to another account. Your bank will never ask you to do such a thing.
  • If you believe it is a fake call, report it to your bank.

Bank “smishing” via SMS

This is an attempt by scammers to obtain personal, financial, or security information through a text message. They act as a trusted source, posing as a bank, card issuer, or service provider.

How does it work?

Usually, the message will ask you (generally with a sense of urgency) to click on a link to a website or to call a phone number to verify, update, or reactivate your account. The link will take you to a fake website and the phone number belongs to a scammer impersonating a company. The goal is to get you to provide information that helps them steal your money.

What Can You Do?

  • Do not click on links, attachments, or images received in unsolicited text messages without first verifying the sender. You can do this by searching for the number online (if it is a scam, you may not be the first) or by comparing it with the original number of the sender they claim to be.
  • Do not rush. Take your time and perform the necessary checks.
  • Never respond to a text message requesting your PIN, online banking password, or any other security credentials.
  • If you think you may have responded to a “smishing” attempt and provided your bank details, contact your bank immediately.

Download the infographics with tips to avoid becoming a victim of this scam:

Phishing

Vishing

Smishing

X-twitter Youtube Instagram Linkedin

Related content

adobestock413817942-1239x697
March 19, 2026

Learn about financial scams and fraud in the age of Artificial Intelligence

Read more
image-spot-1
February 26, 2026

Is this secure? Be equally cautious in the digital realm.

Read more
This content has been automatically translated and may contain inaccuracies.