What’s the Difference Between Phishing, Smishing and Vishing?

Quick Answer

Phishing, smishing and vishing are all methods of identity fraud that differ in how scammers contact you—by email, text or phone—to steal personal details or financial account information.

A closeup photo of a person's hands holding a phone while getting an email notification on their work desk.

Phishing, smishing and vishing are three ways a scammer might contact you in an attempt to gather personal information about you and carry out identity fraud.

These and other methods of identity fraud use your personal data or financial accounts to steal money, receive loans or services in your name, or to commit other crimes. In 2021, there were more than 1.4 million reports of identity theft, according to the Federal Trade Commission. Knowing what methods fraudsters use and how to spot them can help you avoid becoming a victim.

Methods of Contact for Phishing, Smishing and Vishing
Phishing Email
Smishing SMS/text message
Vishing Phone, robocall, voicemail, voice over internet protocol (VoIP)

What Is Phishing?

Phishing is a method of cyberattack that attempts to trick victims into clicking on fraudulent links in emails. The link typically takes the victim to a seemingly legitimate form that asks them to type in their usernames, passwords, account numbers or other private information. This information is then sent directly to scammers, and the victim may be none the wiser.

For example, an email may state that your bank account has been locked and requests that you click a link to regain access. In truth, that link will lead to a fraudulent form that simply collects your information, such as your online banking username and password. The scammers can then log in to your account and steal your money.

What Is Smishing?

Smishing is a kind of fraud similar to phishing, except that it comes in the form of a text message. A smishing text will often contain a fraudulent link that takes victims to a form that's used to steal their information. The link may also download malware such as viruses, ransomware, spyware or adware onto the victim's device.

These smishing text messages may appear to be urgent requests sent from a bank or parcel delivery service, for example. They may claim that there's been a large withdrawal from your bank account, or that you need to track a missing package. It can be easy to fall for this scam if you think you must take quick action to solve an urgent problem.

What Is Vishing?

Fraudulent calls or voicemails fall under the category of "vishing." Scammers call potential victims, often using prerecorded robocalls, pretending to be a legitimate company to solicit personal information from a victim.

Perhaps you get a call about your car's extended warranty. If you answer this call and get connected to an alleged agent, you may be asked to provide information such as:

  • First and last name
  • Address
  • Driver's license number
  • Social Security number
  • Credit card information

Some scammers may also record your voice and ask a question you're likely to answer with "Yes." They can then use this recording to pretend to be you on the phone to authorize charges or access your financial accounts.

How to Prevent Phishing, Smishing and Vishing Attacks

To avoid becoming a victim of phishing, smishing or vishing, there are a few rules you can follow. These can protect you directly from scams and reduce the likelihood you will be targeted in the first place.

  • Never click on links from someone you don't know. Go directly to the real website for the organization the communication purports to be from and check to see if the notification indicated in the email or text message is real.
  • Never give out personal information to someone who contacts you out of the blue. If they claim to represent a bank, government organization or company you already do business with, hang up and tell them you will call right back. Then go to the official website of the organization and call them at their official phone number to find out what's really going on.
  • Don't answer calls or texts from numbers you don't recognize. Even if you answer only intending to ask to be taken off the list, the scammers will note that you interacted with the call. This will likely increase the number of calls you get from scammers in general.

How to Protect Yourself if Your Information Has Been Stolen

Scams are increasingly common, and many people become targets before they've even heard of phishing, smishing or vishing. In addition to the preventative steps above, it's important to be familiar with resources that can help you if your personal information is stolen.

  • Credit freeze: You can freeze your credit for free with all three national credit bureaus—Experian, TransUnion and Equifax. If you know a scammer has gotten hold of your private information, freezing your credit can prevent them from opening credit accounts in your name.
  • Personal privacy scan: You can find out if your personal info is out on the web with Experian's personal privacy scan. This checks for your information online and can help protect you from robocalls and other phishing attempts by showing you where your info is exposed.
  • Identity theft protection: For complete identity theft protection after you've been victimized by a scammer, Experian's IdentityWorksSM provides a suite of tools that will help you keep tabs on identity after a run-in with a scammer. Some of these tools include:
  • Dark web surveillance
  • Three-bureau credit monitoring
  • Payday & non-credit loan alerts
  • Change of address alerts
  • SSN monitoring
  • Financial account activity monitoring

While phishing, smishing and vishing scams are not likely to go away anytime soon, these are simple steps you can take to help protect yourself.