Phishing, smishing, vishing

Phishing, Smishing, Vishing – What’s the Difference?

In the IT world there are many words and acronyms used that mean something to those of us in the industry but that may not mean much to our customers. Phishing, smishing and vishing are three of those words. All three are related to gathering personal information to carry out a cyber attack using compromised credentials. Most people have heard of phishing but as with everything cybersecurity related, threat actors are always looking for better, easier, or complementary ways to attack.   

Today’s article will focus on defining these concepts and on how to prevent these types of attacks by understanding what methods are used by the cybercriminals and how to spot these types of attacks. 


Phishing is a method of cyberattack that attempts to deceive victims into clicking on fraudulent links that are included in emails. The emails look like they come from legitimate sources or known entities and usually have a sense of urgency to them. The link usually takes the victim to what looks like a legitimate form or website that asks for personal identifiable information such as usernames, passwords, account numbers or other private information. The information is then sent directly to the cyber criminal without the victim realizing that they were tricked. The link can also deploy malware, ransomware, spyware and other malicious software on devices. 

For example, an email that looks like the IT department or Microsoft that the victim’s account has been locked and requests that the victim clicks a link to regain access. The link actually leads to a fraudulent form that collects the victim’s information. The threat actor then has information that can help them access the environment the victim works in and may gain access to very sensitive data. 


Smishing is like phishing, except it comes in the form of a text message. A smishing text will often contain a fraudulent link that takes victims to a form or website that’s used to steal their information. Similar to phishing, the link can also download malware, ransomware, and so forth onto the victim’s device. 

Smishing text messages appear to be urgent requests sent from a bank or delivery service, for instance. They may claim that there’s been a large withdrawal from your bank account (a bank would never do this), or that you need to track a missing package (best to go directly to the delivery service website, not click on the link provided). Again, the threat actor is attempting to obtain information that can help them access the environment the victim works in and may gain access to very sensitive data. 


Fraudulent phone calls or voicemails fall under the vishing method of attack. Scammers call potential victims, often using pre-recorded robocalls, pretending to be a legitimate company to obtain personal information from a victim. 

An example would be a victim getting a call from someone pretending to be their IT Helpdesk. If the call is answered and the victim connects with the alleged agent, they may ask to confirm the victim’s identity to provide the help the victim needs i.e. the victim’s M365 password is expiring and needs to be changed as soon as possible:  

  • First and last name 
  • Email address 
  • M365 Username 
  • Current Password 

If multi-factor authentication (MFA) is enabled, they may ask to stay on the call until the code is received so they can gain access.  

Preventing Phishing, Smishing and Vishing Attacks 

Here are some recommendations to help avoid becoming a victim of phishing, smishing or vishing.  

  • Never click on links from someone that is unknown or not what is usually received from a known person. Instead, the real website for the organization the communication is supposed to be from should be visited to check to see if the notification indicated in the email or text message is real. Calling the person who sent the message is also a good alternative. 
  • If a call is received from a financial institution, government organization or company that the organization does business with asking for confidential information, do not provide it. We recommend calling them at their official phone number to ensure the request is legitimate. 
  • We recommend investing in Cybersecurity awareness and training for all of the organization’s leaders and employees. This will help with identifying phishing, smishing or vishing attacks and lower the risks of the organization falling victim to an attack. 

Cybersecurity awareness and training is one of the ways for organization to reduce the risks of being victimized by cyber criminals. MicroAge can help you determine what the best solution is for you. Let’s start a conversation today. 

Get the most from your IT

As service providers to more than 300 companies, the dedicated professionals at MicroAge are second to none when it comes to managed services. By improving efficiency, cutting costs and reducing downtime, we can help you achieve your business goals!

Most commented posts

Knowing When to Upgrade Your Tech

When was the last time you upgraded the technology in your business? Do the computers in your office look like the one pictured? If so……

Read More

How to Train Your Staff to be Savvy About Cyber Security Threats

As a business owner, you do everything you can to keep your business safe. You think before checking strange emails, you avoid risky sites, and…

Read More
what's new with microsoft teams

Enhancing Collaboration For Remote Work – What’s New With Microsoft Teams? 

Since the outbreak of COVID-19, the entire world has taken a big leap towards remote working. Communication via online platforms is the new normal, and…

Read More

3 Critical Cyber Threats For Businesses in 2019

Malware, vulnerabilities, and social engineering are some of the main concerns for IT security professionals. Although the tactics used to target businesses and individuals are…

Read More

What SMBs Should Expect From Today’s IT Service Providers

The role of an IT service provider has changed over the years. It used to be that it was enough to just be good with…

Read More