Skip to main content

Know your scams: Phishing, vishing and smishing

Some manipulative tactics are on the rise. Learn how to identify them so you can help protect yourself.

Is that unusual or even slightly disconcerting email, phone call or text really from a company you trust or a government worker? If your gut tells you something is off, it probably is. Scammers could be after confidential information such as your Social Security number, bank account details or credit card numbers, and they’re attempting to get it using social engineering—essentially, manipulating you into giving out your data.

Social engineering messages usually have common giveaways like generic greetings (“Dear customer”), vague subject lines or unknown senders. Urgency can be another tip-off, like demands for a response or immediate action. Or they might contain an offer that seems too good to be true, like a sizable cash prize. You may also see a request to verify your personal data, or to give access to your computer for a software update.

It’s smart to stop before you respond to any message or click any URL and consider whether it’s valid. New social engineering maneuvers are always emerging. For example, scammers may collect information from social networking platforms, such as Facebook and LinkedIn, to create highly personalized messages.

Scammers use three main social engineering techniques to try to trick people into disclosing personal information. Protect yourself by learning how to spot them:


What is phishing? An email message that asks you to click on a link, download a file or reply with confidential information.

Red flags to look for:

  • Spelling and grammatical errors
  • Apparent typos in the sender’s address, such as
  • An unusual URL or a link that points to a different site than the one mentioned in the message
  • A request not to call the sender


What is vishing? A phone call or voice message from a person requesting confidential information.

Red flags to look for:

  • An unfamiliar or unknown caller ID
  • Caller who claims to be a company employee or government official, saying there’s a problem with your account, Social Security number or taxes
  • A person (such as an unidentified “nephew”) in an emergency situation who needs money immediately
  • Caller doesn’t answer questions or provide details about the situation


What is smishing? A text message asking you to click on a link or reply with confidential information.

Red flags to look for:

  • Sent from an unfamiliar number
  • Spelling and grammatical errors
  • A link promising a video, shopping deal or website

Damage control

OK, you clicked on the link or gave the caller your information. Here’s what you can do to limit the chance it’ll hurt you.

Change the passwords and PINs immediately. If you use the same password on multiple sites, access to these accounts can more quickly be gained based on one successful entry. Change these passwords immediately following news of a data breach. Choose strong, complex passwords that are hard for cybercriminals to guess.

Protect your devices. Update your computer or smartphone software to the newest version and run a comprehensive virus scan. Use encryption, ensure you have a firewall enabled and use secure, password-protected Wi-Fi or VPN. And turn off your computer when you’re not using it, since it’s inaccessible to hackers when powered down.

Notify your bank, credit card companies and all credit agencies. Consider freezing or canceling credit cards if you believe your data was compromised. Check your credit reports regularly to identify any suspicious activity.

Report the scam to the Federal Trade Commission or the FBI’s IC3 unit.

Close Disclaimer

The material provided on this website is for informational use only and is not intended for financial, tax or investment advice. Bank of America and/or its affiliates, and Khan Academy, assume no liability for any loss or damage resulting from one’s reliance on the material provided. Please also note that such material is not updated regularly and that some of the information may not therefore be current. Consult with your own financial professional and tax advisor when making decisions regarding your financial situation.

Up Next

Contact Us