Phishing, Smishing, and Vishing

  • Phishing is an email-based cyber-attack that targets individuals through well-crafted emails. 
    • The goal of the attack is to trick users into opening up the email and clicking on any attachments or links. 
  • Smishing is a text-message based cyber-attack that targets individuals through SMS (Short Message Service) or text messages. The term is a combination of “SMS” and “phishing.”
    • Just like email-based phishing attacks, these deceptive messages often appear to be from trusted sources, and they use social engineering tactics to create a sense of urgency, curiosity, or fear to manipulate the recipient into taking an undesired action.
  • Vishing is a phone-based cyber-attack that targets individuals through phone calls or voicemail. The term is a combination of “voice” and “phishing.”
    • This attack may be calls from attackers claiming to be government agencies such as the IRS, software vendors like Microsoft, or services offering to help with benefits or credit card rates. Attackers will often appear to be calling from a local number close to yours. As with smishing, flaws in how caller ID and phone number verification work make this a dangerous attack vector.
The following tips will help you effectively identify and handle a phishing, smishing, or vishing attack.

What to do if you think you have been phished, smished, or vished?

Person looking at phone

Pause.

Scammers will stress a sense of urgency to trick you into doing what they want. Don’t take the bait.

Think. (Could this possibly some kind of attack or scam?)

Person looking to the side

Ask yourself the following questions to help determine if you may possibly be experiencing a phishing, smishing, or vishing attempt.

  1. Do you recognize the email or number?

  2. Is there a sense of urgency in the message or phone call?

  3. Does the message offer quick money from winning prizes or collecting cash after entering information?

  4. Does the sender address themselves as someone you know?

  5. Does the sender ask you to click on a link in order to get more information?

Person looking at phone

Act.

  • If you receive a phishing email to your University of Richmond’s email please forward it to spam@richmond.edu.
  • If you receive a smishing text message, please report the message to your mobile network provider by forwarding unwanted texts to 7726 (or "SPAM").
  • If you receive a vishing call immediately hang up and block the number.
  • If you are unsure, feel free to contact us at infosec@richmond.edu or contact the Help Desk at 804-287-6400.