Phishing, Smishing and Vishing
Why do smart people still fall for phishing?
- Define phishing, smishing and vishing
- Identify six warning signs in a phishing message
- Explain the correct response when a phishing message is received
Overview
Phishing is the most common cyberattack in the world because it targets people, not machines. A phishing message tries to trick you into clicking a link, opening a file, or handing over a password. Smishing is the same trick over SMS; vishing is the same trick over a phone call. Attackers rely on urgency, fear and familiarity — you get an email that looks like it is from your bank, and your first instinct is to react quickly.
Six Warning Signs
1) Urgency or threats ('Your account will be closed in 24 hours'). 2) Misspelt or lookalike domain (paypa1.com). 3) Generic greeting ('Dear customer'). 4) Unexpected attachment. 5) Requests for password or OTP. 6) Mismatched link text — hover to check the real URL.
Smishing
SMS phishing works because texts feel personal. Common lures: 'Your parcel is stuck', 'You won a prize', 'Bank OTP request'.
Vishing
Voice phishing uses fake calls from 'the bank' or 'IT support'. Attackers may already know your name — verify by calling back on a number from the official website.
The Right Response
Do not click, do not reply. Report to IT or your bank. If you clicked, change the password and enable MFA immediately.
Spot the Phish
- You will receive three printed phishing emails.
- Highlight and label at least four warning signs on each.
- Write the safest next action in the margin.
- Name three warning signs of a phishing email.
Reveal answer
Urgency, misspelt domain, unexpected attachment (also generic greeting, hidden link, request for OTP).
- How do you check where a link really goes?
Reveal answer
Hover over it (desktop) or long-press (mobile) to preview the URL before clicking.
- What should you do if you already clicked a phishing link?
Reveal answer
Disconnect, change the affected password, enable MFA, run a malware scan, report to IT.
Compose a fake phishing email of your own with at least four warning signs. Swap with a partner and mark up theirs.