Phishing, Quishing, and Vishing

What are they?

This article describes common fraudulent practices used by scammers. Learn the differences in terminology and ways to spot and prevent scams. Then, go above and beyond by sharing this information with family and friends. Spread the word to keep others safe from scams!

Phishing

This fraudulent practice involves scammers sending emails purporting to be from reputable companies to trick individuals to reveal personal information like passwords or credit card numbers. Note that smishing is the term used for a similar fraud involving text messages instead of emails.

Example: In a phishing scam, a potential victim receives an email from what appears to be their cell phone company stating that the account is compromised and will be deactivated unless information is provided to them, such as a credit card number. The email is not legitimate and is from a scammer.

How to spot phishing scams: Watch out for emails from unfamiliar addresses and those that are slightly off from a familiar company’s email. Simply delete them rather than risk opening them. Or, if an email is unexpected or the content appears inaccurate, be wary of a scam. Never click on suspicious links or attachments inside emails. Scammers tend to use generic titles to address potential victims, such as “Hello Sir or Madam,” or “Dear Account Holder.”  Other signs of phishing scams involve emails containing typos and awkward spellings or phrases. Emails with threatening tones or extreme urgency are also likely to be from scammers. A person can use an anti-scam tool offered by digital security experts like Norton to help determine if a message is truly legitimate.

Quishing

This unscrupulous practice involves Quick Response (QR) code phishing. QR codes are two-dimensional barcodes that people scan with their phone’s camera or a code reader. In this cybersecurity threat, attackers use QR codes to redirect victims to malicious websites. Once a victim is redirected, they are prompted to provide personal information like addresses and credit card numbers or download harmful content.

Example: You are at a parking meter and take a photo of a sticker QR code attached to the meter. Unbeknownst to you, the QR code is illegitimate and directs you to a fake website.

How to spot quishing scams: Avoid using QR codes in public places. Rather use a parking app you previously downloaded or use a payment machine instead. Also check the QR code for signs that it is a fake or has been replaced over a previous one. If the edges are peeling or it looks suspicious, the QR code may be tampered with, or it may indicate fraud. When you scan a QR code, your phone takes you to a website link. Beware of where it takes you and make sure it goes to the company’s actual website. Note that some scams are sophisticated and can take you to a fraudulent imposter website that looks believable, so exercise extreme caution when using QR codes.

Vishing

This cyberattack involves voice phishing. It essentially uses phone calls to trick folks into sharing personal information like bank account numbers or passwords. Sometimes scammers will leave voice messages pretending to be from reputable companies or administrations to entice individuals into calling them back. This scam can involve robocalls or actual humans.

Example: A potential victim gets an unexpected call. A fraudster will pretend to be from a bank or other institution. They will claim there is a problem with an account or credit card. They will ask the caller to provide solutions. Scammers generally apply three tactics: impersonation, urgency and fear. Unfortunately, these pressure tactics may lead to the delivery of personal information to a scammer.

How to spot a vishing attack: Now that you know the three tactics, it may be easier to spot a scammer. Agencies and companies typically do not pressure individuals. Anyone pressuring you to provide guarded personal information is the sign of a scam. Per digital security expert Norton, unexpected calls from agencies or companies can be signs that someone is vishing you. If you believe a call is suspicious, hang up and call back a legit number (one that you looked up yourself) to confirm that the agency or company is indeed trying to reach you. Never call back a phone number (or text or email) through information provided to you as it may take you directly to the scammer. Do your own independent research to confirm your contact’s accuracy. Another telltale sign of a vishing scam is poor audio and/or background noises (signs of a call center or a robocall using computerized auto dialers to deliver prerecorded messages.)

Say no to phishing, quishing, and vishing!

Scammers seek to steal money off the hard-working backs of great Americans, or steal identities, so one can never be too careful! Heed the warning signs of scams and do your best to guard your personal information.

Scams & senior citizens

Everyone is vulnerable to scams, particularly the elderly. Seniors are often preyed upon due to age-related vulnerabilities, thus keeping a watchful eye to identify scammers is an excellent first line of defense.  

AMAC is proud to be your partner in safety and in fighting against phishing, quishing and vishing! Do us a favor, share this article with friends and family to work in partnership with us to keep good Americans safe and scam-free!