Pre-requisites: Difference between Phishing and Vishing
There are several types of Email attacks that are used by the attackers to steal confidential information from users. The confidential information may include login credentials, bank card details, or any other sensitive data.
In this article we will see difference between Vishing and Smishing Attacks.
Vishing
In contrast to smishing, which uses SMS (short message service) messages to deceive victims, vishing involves placing VoIP (Voice over IP) phone calls. The attacker may pose as an authorized employee of a company or other institution to acquire the victim’s trust.
Examples of a vishing call:
- Fraud customer care asking your OTP and CVV.
- Fraud delivery services asking for your address and personal information practicing an active reconnaissance.
Smishing
This is a type of phishing scam in which hackers send SMS messages (or text messages) to victims to convince them into disclosing personal information or download malware. Smishing messages frequently seem to be coming from a reliable source, like a reputable business or governmental organization. To persuade victims to take immediate action, it could even use urgent rhetoric or threats. Occasionally, the message will also contain a link that will take the recipients to a phony website where they will be asked to enter personal information or download malicious software.
Examples of a smishing text message:
- We have seen some strange behavior on your account. To speak with a customer support agent, please dial this number.
- You’ve earned a complimentary gift card! Claim your prize by clicking here.
- Hi! We saw that you were only a recent client of ours. Please enter your personal information by clicking this link: http://gooogle.com/customercare.com to complete the account setup process.
Difference between Vishing and Smishing Attacks
| Parameters | Vishing | Smishing |
|---|---|---|
| Attack method | Uses a phone call or VoIP to trick the victim. | Uses text messages or SMS to trick the victim |
| Type of attack | Phone-based social engineering attack | SMS-based social engineering attack |
| Scenario | To win the victim’s trust, the attacker can impersonate a trustworthy employee of a business or other institution. | When trying to get the victim to act swiftly and click the link or download the attachment, the attacker may appeal to their sense of urgency or panic. |
| Impact on victim | the victim can experience identity theft or financial loss. | The victim may have a lost of money or experience identity theft, or malware may corrupt their device. |
| Prevention | When receiving an unexpected call, be wary and ask the caller to leave a verified number before answering. Don’t divulge private information over the phone until you are certain who is calling. | Be wary of unsolicited text messages, and only click on links or download files if you are certain who sent them. To avoid malware attacks, install anti-virus software on your computer. |