Phishing, Vishing, and Smishing - Oh My!
3 Common Scams in a Nutshell...

What exactly do these terms mean?

All three of these terms refer to attempts to steal your personal information by falsely claiming to be a legitimate company. By masquerading as a company you are familiar with, the scammers earn your trust and trick you into providing them with all the information they need to steal important information like your account and credit/debit card numbers, passwords, social security numbers, and potentially your money. The only differences are in the ways that the scammers attempt to fool you.

Phishing refers to the use of fake email messages, which appear to come from a legitimate company like Paypal, Ebay, or Ashland Credit Union, perhaps even displaying the proper logos and links to the company's www site. For more information on phishing, visit OnGuard Online (, the federal government's interagency website dealing with ID theft, online fraud and computer security.

With vishing, the scammers call randomly-generated phone numbers with a similar message, telling recipients that their card has been suspended for fraudulent activity. To remedy the situation, the victims are instructed to call a specific number to "reactivate their card" or "confirm the activity". To learn more about vishing, visit the FBI's November 2010 press release regarding vishing (

Smishing is essentially the same process, except the scammers use SMS (text messagees) rather than phone calls to direct victims to the fraudulent number.

Despite the methods used, the goals are the same: The scammers want you to go to their fraudulent website or call an illegitimate number where your personal information (card number, social security number, bank account numbers, or more) can be stolen. If a victim responds to their requests, the scammers can generate a fake card or make online purchases in a matter of hours, quickly draining your valuable funds.

Know How To Recognize Phishing, Vishing, and Smishing

All members need to know how to recognize these scam attempts. There are certain characteristics that all of these scams share that you need to be aware of. The following tips will help ensure that you know how to recognize a fraud attempt when it inevitably arrives.

Tip 1: "Out of the Blue" notices - An email, phone message, or text message that warns you, with little or no notice, that your account will be closed or "frozen" unless you confirm your personal information is not likely legitimate.

Tip 2: Email Requests - Most legitimate companies do not solicit your personal information over email, and when they do, they do not provide links to a form within the email.

Tip 3: Phone Numbers - If you receive a phone or text message with a callback number, examine the number to determine its validity. While toll-free numbers are hard to scrutinize, a callback number to a strange area code is reason for alarm. Contact the institution directly and ask a representative about the request.

If you do happen to receive emails or messages like the ones described above, do not reply, click on links within an email, or call back the number provided. Contact the company directly by phone. If you do suspect fraud, consider reporting it. For more information on reporting ID Theft or Fraud, consult our special section on what to do if you suspect fraud.

Learn More