Phishing, Smishing and Vishing












Cybersecurity threats are becoming increasingly sophisticated and challenging to detect. They can take different forms, including phishing, vishing, and smishing. Each type takes a different approach, but all aim to extract your personal or financial information, or other sensitive data.

Awareness of the different types of cyberattacks and taking proactive actions for protection can help you mitigate the risks.


Phishing

This is the most common type of attack. Cybercriminals send emails disguised as coming from trusted sources, such as banks or social media platforms, to trick you into clicking on malicious links in the email.


Smishing

Similar to phishing, but the deceptive messages are sent as text messages. The attackers try to lure you into sharing personal or financial information and trick you into clicking on malicious links in the text message.


Vishing

Attackers call you and pose as support representatives or other support staff, and ask you for sensitive information, such as account information or login information.


How to Spot an Email Scam (Phishing)

Scam emails can skillfully imitate your bank, and they account for 96 percent of phishing attacks. Here are five red flags to look for that signal a scam:


1. Unusual Email Address
 

Does the sender email look suspicious? Be cautious if it seems unusual or doesn’t match the usual format.

2. Poor Grammar or Spelling
 

Look for typos, grammatical errors, or awkward language, as these are common signs of a fraudulent message.

3. Scare Tactics or Urgent Requests
 

If an email demands immediate action or pressures you to act quickly without time for consideration, such as an urgent warning of an account closure or a security breach, you can safely assume it’s a scam.

4. Suspicious URLs

Phishing emails use deceptive URLs to take you to malicious websites that ask you to log in to your account. Your best bet is to log in through the bank's or company's own website. Avoid clicking on links or calling numbers you weren’t expecting or don’t recognize.

5. Unexpected Attachments

Banks will never send an email attachment — especially when you didn’t ask for it. Attachments can contain malware that can compromise your computer or personal information. Never open attachments from emails supposedly from the bank or company, unless you are expecting the email.  In addition, contact the company or bank using a phone number or website you know is real to confirm the email's legitimacy.

 





How to Spot a Text Message Scam (Smishing)

Sophisticated smishing campaigns (scam text messages) are on the rise. Cybercriminals are researching their targets and sending highly convincing text messages that are often supported by information they gather from data breaches. Smishing attacks are typically delivered through text message but can also come through other message platforms, such as social media, and trick you into giving the cybercriminals your personal or financial information.

Familiarize yourself with signs you should look for in suspicious text messages, so you don’t fall victim to an attack on your accounts or identity.


How does Smishing work?

  • Cybercriminals pose as legitimate individuals or organizations to lower your skepticism about the validity of the text and request. They hide their phone number by using email-to-text services and spoofing, which make the caller ID appear to be an organization you trust.
  • Clicking on the URL may load malware onto your device or trick you into entering your login credentials to an account, or the message may trick you into replying with your personal information.


Identify a Smishing message

  • The message will contain a malicious link or ask for a direct response.
  • The message will request immediate action.
  • Some common examples of smishing messages include:
    • A notification that there is suspicious activity on your account or that there have been login attempts.
    • A message promising free services or products, or a message that you won a giveaway or award.
    • A warning (e.g., there’s a problem with your account, or a payment has been declined).
    • A request to confirm your personal information.

 

The image above is an example of a smishing message.

1. Strange phone number: Is it the number your bank or company usually uses to send text messages?

2. Urgent warnings or requests:  Smishing texts try to create a sense of panic, such as threatening to suspend your account or urging you to log in.

3. Grammar or spelling mistakes: Misspelled words or odd grammar are signs of an impersonator.

4. Requests for personal information:  If the message requests personal or sensitive information (account numbers, PINs, passwords, or social security numbers), you can assume it is a scam.

5. Suspicious links:  Banks and companies rarely send links in a text message. Call the company or bank to verify the message before taking any action.

Find more information at American Bankers Association #BanksNeverAskThat: https://www.banksneveraskthat.com/


 
What to do if you receive a suspicious message?

  • Don’t rush to reply or click the link. You can keep yourself safe by doing nothing at all. The attacks will only do damage if you take action by clicking on the link or replying to the message.
  • Call the company, bank or merchant directly. Verify the legitimacy of the message and go directly to the organization’s website and contact them using the official contact information. Do not use the link in the message.
  • Keep your device and apps up to date. Updates can contain security patches to help protect your device from vulnerabilities in a timely manner.


What to do if you become a victim of smishing?

  • Report the attack to the organization that the cybercriminals posed as in the message. You can also report the scam to the U.S. Federal Trade Commission: https://reportfraud.ftc.gov/
  • Change all your passwords and PINs.
  • Freeze your accounts.
  • Monitor your accounts and finances.
  • Notify NexBank if you provided any account information to the cybercriminals.


How to Spot a Telephone Scam (Vishing)


Vishing or voice phishing is a scamming technique where cybercriminals call you to steal sensitive information or money. 

Red flags to watch for:

Immediate Demands for Personal Information: Scammers impersonate bank employees or figures of authority to claim there is a time-sensitive issue that requires immediate attention.  They may ask for personal details like your social security number, banking information or passwords. 

Threats of Intimidation: Scammers can threaten you with legal action or claims that your accounts are at risk. 

Request for Remote Access:  Scammers call impersonating companies or banks and request remote access to your computer or other devices.

Free Gifts, Prizes or Discounts: Unsolicited calls offer gifts, prizes, or discounts that sound too good to be true.

Caller ID Spoofing:  Scammers have the ability to make it look like they are calling from a legitimate company, bank or financial organization. 

If you experience any of these situations, protect yourself. 

  • End the call and contact the company or organization directly. 
  • Monitor your account activity.
  • Change your passwords.
  • Place a security freeze on your accounts.



Protect Yourself from Mobile Payment App Scams


With mobile payment app scams on the rise with apps such as Zelle, Venmo and PayPal, NexBank wants to share tips on how to secure your account. Cybercriminals are getting smarter at tricking you into giving up your data and it only takes seconds for a scammer to access your account and funds. These payment apps don’t generally offer the same protection as other payment methods, so if you use them, get familiar with the risks and exercise good practices to protect your account.


Protect yourself from scams

  1. Only send money to people you know and trust.
  2. Don’t respond to an unexpected request for money from someone you know because cybercriminals may have hacked their account. Call or speak with them first to make sure the request is from them.
  3. Don’t click on links from an unexpected message requesting money. Log in to the app instead and view the request in your account. Always verify that the request is legitimate before taking any action.

Never send money through your payment app to anyone:

  • Who claims to be with a government organization or law enforcement agency.
  • Who claims to be customer or technical support informing you that your account has been compromised or that there is an issue with your account. End the communication and contact the payment app, or the bank or credit card company you have linked to the account.
  • Who accidentally sends you money and asks you to send all or a portion of the money back.
  • Who says you need to send money to claim your prize.

Additional tips

  • Download verified apps from the company website and update these apps regularly.
  • Never share your login credentials (username, password, PIN)
  • Protect your account with multifactor authentication
  • Check privacy settings on apps
  • Don’t save payment information; it is safer to manually fill it in or use a digital wallet
  • Don’t use payment or banking apps on public Wi-Fi
  • Monitor your accounts and report any unknown transactions to your bank, credit card company, and the app provider immediately

What to do if you get scammed

  • If you believe your account has been compromised, change your password and set up multifactor authentication or ensure it is enabled. Also, contact your bank or credit card company and notify the app provider.
  • If you find a transaction you didn’t authorize, report it to your bank or credit card company and notify the app provider.
  • If you paid a scammer with a mobile payment app, report it to the Federal Trade Commission: https://reportfraud.ftc.gov/


Mobile Payment App Customer Services

Many payment app customer support services are difficult to reach by phone and often require you to connect with them through email, text, or chat. Always use the verified app to contact customer service. Using an internet search to find the customer service contact information may display ads that lead you straight to a cybercriminal.