Skip to main content


Smishing and Vishing: How To Avoid Fraud in a Mobile-First World

It’s easy to see how smartphones and tablets have changed our lives. The world is practically at everyone’s fingertips—anytime and anywhere.

On the other hand, the ability to communicate and connect however you please also makes it much easier to fall victim to fraud. As technology advances, thieves also develop more ways to steal personal information. They do this by impersonating authority figures through phone calls and messaging.

Since the times change constantly, adapting to the digital landscape has also become essential. Stay secure by brushing up on common scams that might show up on your mobile device: smishing and vishing.

A Refresher on Phishing

At their cores, smishing and vishing scams are variations of a classic fraud tactic—phishing. This is the use of email or text messages to trick a user into providing personal information. Phishing as a hacking term emerged in the 90s as the Internet grew in popularity. Its name conjures the image of using “bait” to lure unsuspecting fish for capture.

The basics of a phishing attack are:

  • The attacker sends emails or texts posing as an authority figure (financial institution, e-commerce, etc.) to recipients.
  • The message's contents try to convince the recipient to take action by clicking a link or downloading a file.
  • The recipient clicks the link, taking them to a page that looks like a login portal or online form to fill out.
  • The recipient provides this information, giving the attacker access to their account or credentials.

Generally speaking, phishing attacks aim to get sensitive information from people, such as account login credentials or financial information. Hackers use this data to sell to other hackers or to steal from victims.

Phishing can also be used to install malware on electronic devices. That malware can be anything, such as a file that can slow down your device’s performance, to something more insidious: hijacking your device to make it easier for a hacker to lure in more targets.

You can view this handy article from the Federal Trade Commission for more information on phishing. Now, we’ll discuss how phishing has evolved to affect smartphones and tablets.

Smishing: Best To Leave Thieves on “Read”

The term “smishing” is a mash-up between “phishing” and “SMS,” which means “short message service.” If you’re familiar with texting on your phone or using direct messages (DMs) on social media platforms, then you know about SMS.

In a smishing attack, a hacker attempts to steal information by sending a text instead of an email. For example, a hacker might text your number, claiming to be from your financial institution and saying your account’s been compromised. The text might also include a link leading to a login portal that is spoofed to look like something familiar to you. That link might also try to install malware on your smartphone.

 Never tap on links from unfamiliar numbers or sources. Additionally, don’t do what the message wants you to do. It is not an established practice for government entities, financial institutions, or any reputable business to send unprompted messages asking for sensitive information.

Direct messaging (on Facebook, Instagram, X, etc.) can be a bit trickier, as hackers can impersonate people you know by taking their profile pictures and making slight username changes. You’ll need to know how a person usually texts to recognize if they’re the real deal. If someone doesn’t sound like they usually do (or if it’s someone you haven’t messaged in a long while), you have good reason to be suspicious.

Vishing: Silence Scammers for Good

“Voice phishing” uses phone calls as the primary means of attack. Someone might call you and claim to be from a company or institution, requesting that you provide personal information.

Let’s say you receive a phone call from someone claiming to be from your credit card servicer. They say your card has a suspicious charge that must be verified immediately. They might ask for the card number, security code, or PIN.

Since vishing attempts require a person to talk to you, the attacker might try to push a sense of urgency or importance based on their tone. Listeners could be compelled to act since the message seems more personal. Emotional manipulation is a common scam tactic.

Just like in smishing attempts, it’s crucial to remember that it is rare for established institutions to ask for personal information directly. Should you ever receive a phone call from someone suddenly asking for information, your best response is to remain silent and hang up. You can even ignore the call altogether if the number is unfamiliar.

Protecting Yourself in a Mobile-First Environment

Smartphones and tablets have made communicating, shopping, and doing business easier. At the same time, they have also made it easier for fraudsters to find new targets.

All in all, the methods used in guarding against phishing attacks can also apply to smishing and vishing attempts:

  • Always verify the sender
  • Never divulge your personal information to strangers
  • Don’t tap on suspicious links
  • Delete malicious messages and block the sender’s number/account

Remember: First Florida Credit Union representatives will never contact you for personal information or account numbers. For more information on preventing phishing, visit our Scam and Fraud Education (S.A.F.E.) page.


A new streamlined FFIS page will be launched soon.

In the meantime, to access your accounts, visit

or call (800) 766-4328, x8806.