Phishing, vishing, smishing, and pharming? All of these are new and more insidious ways scammers are trying to rip you off to take your identity, your money, or both. It can seem like a dangerous game of whack-a-mole, as online criminal activity evolves and seemingly pops up everywhere.
In the US, reported fraud losses hit a record $12.5 billion in 2024, with similar or higher figures expected for 2025 when all the losses are finally tallied up. Estimates of total global scam losses range from $442 billion to a staggering figure of more than $1 trillion!
Your first and best line of defense against scam artists starts with knowledge. So what exactly are phishing, vishing, smishing, and pharming? Here’s what the FBI has to offer:
“Phishing schemes often use spoofing techniques to lure you in and get you to take the bait. These scams are designed to trick you into giving information to criminals that they shouldn’t have access to.
In a phishing scam, you might receive an email that appears to be from a legitimate business and is asking you to update or verify your personal information by replying to the email or visiting a website. The web address might look similar to one you’ve used before. The email may be convincing enough to get you to take the action requested.
But once you click on that link, you’re sent to a spoofed website that might look nearly identical to the real thing—like your bank or credit card site—and asked to enter sensitive information like passwords, credit card numbers, banking PINs, etc. These fake websites are used solely to steal your information.
Phishing has evolved and now has several variations that use similar techniques:
- Vishing scams happen over the phone, voice email, or VoIP (voice over Internet Protocol) calls.
- Smishing scams happen through SMS (text) messages.
- Pharming scams happen when malicious code is installed on your computer to redirect you to fake websites.”
Spoofing
All of these criminal schemes begin with spoofing. Spoofing is when someone disguises an email address, sender name, phone number, or website URL—often just by changing one letter, symbol, or number—to convince you that you are interacting with a trusted source.
“For example,” the FBI explains, “you might receive an email that looks like it’s from your boss, a company you’ve done business with, or even from someone in your family—but it actually isn’t. Criminals count on being able to manipulate you into believing that these spoofed communications are real, which can lead you to download malicious software, send money, or disclose personal, financial, or other sensitive information.”
The STOP Method
Don’t become a sheep to the wolves out to cheat you out your hard-earned money. Be proactive and apply these 4 steps:
- S - Stop (Pause, Don't Rush): Scammers thrive on urgency, such as claims of a "problem with your account" or "immediate action needed." Take an active pause to move from emotional panic to logical thought, as recommended by the Federal Trade Commission (FTC).
- T - Take a Moment to Verify: Consumer Action advises that you should not call a number provided in a suspicious text or email. Contact the company, bank, or person directly using a phone number or website you know is real.
- O - Only Communicate Safely: Do not click on links in unexpected messages, warns the FTC even if they appear to be from a known entity. Never pay via gift cards, cryptocurrency, or wire transfers, which are hallmarks of scams.
- P - Protect Your Information & Report: Immediately hang up, block the sender, or delete the email. If you have already shared information, contact your bank. Report the attempt to authorities like the federal government’s Internet Crime Complaint Center (IC3).
