Phishing, Vishing and Smishing: What You Need to Know So You Can Protect Yourself

Using a cell phone and computer is now part of your everyday life. And with that, it’s important to be aware of the different types of online threats that you could experience. Phishing, vishing and smishing are a few social engineering scams that cybercriminals are using to steal your personal and confidential information. By knowing what these scams are and how to detect them, you will be better prepared to avoid falling victim to them.


This is probably the most common method of attack used by cybercriminals. Phishing happens when scammers send you an email to try and trick you into clicking a malicious link, replying with personal information or downloading a file. Phishing messages will look like they are coming from a company you know or trust and are designed to capture data like bank information, logins and passwords. The email is often an enticing invitation, making it hard not to click.

When you click the malicious link or download the file, it will download malware onto your device, allowing the hacker to access all of your sensitive information.

Red flags to look out for include:

  • Spelling and grammatical errors
  • An unusual URL link that leads to a different site than mentioned in the message

Tip: Hover your mouse over the link to see the entire URL and where it really leads to. But, be sure to not actually click the link! Please note that Needham Bank will never ask you to provide confidential information such as your account number, PIN, password or Login ID via email.


Vishing, or voice phishing, is similar to a phishing attack, but it occurs over the phone. This type of scam is a fraudulent phone call that uses personal information the scammer has previously obtained through a phishing attack. After stealing your confidential information from the fraudulent email, the cybercriminal will need to take it a step further to receive your SMS password or digital token to finalize the fraud operation.

The criminal will call you over the phone and claim that they work for a bank. Normally, they will use particularly alarming messages to try and get you to reveal your password or PIN that is needed to authorize their transactions.

Red flags to look out for are:

  • An unfamiliar or unknown caller ID
  • A caller who doesn’t answer your questions or provide further detail on the situation
  • A caller who claims to be a bank employee saying there is an issue with your account

Tip: Hang up and directly call the organization the scammer is pretending to be from to clarify the fraud attempt.


Smishing stands for SMS phishing and it is when text messages are sent to try and get you to pay money, click on a suspicious link or download an app. Sometimes the scammer will try and get you on the phone by sending a text message asking you to call a number, in order to persuade you further. Similar to the other types of social engineering methods, the attacker will pretend to be a representative from a familiar organization or business. These texts will usually try to inform you that someone has tried to access your account, made a suspicious purchase or that your account has been frozen. In order to fix this issue, the scammer needs your password or other personal data to make updates to your account.

There are also smishing instances where you receive a text message that indicates it’s from a legitimate agency such as the CDC, IRS, or SBA, asking you to click a link that will direct you to input your personal and business information in order to get updates on something timely such as COVID-19 cases, stimulus check status, or relief for your small business. The information that is input is then forwarded to the fraudsters.

Always review text messages for these red flags:

  • Spelling and grammatical errors
  • Sent from an unfamiliar number
  • Contains an embedded link

Tip: Always watch out for texts from unknown senders and never reply.

How to Avoid Falling Victim to an “–ishing” Scam

  1. Never provide any passwords or financial credentials to anyone requesting them over the phone or email. Legitimate financial institutions and businesses will never ask for that information.
  2. Think before you click. Confirm email requests via phone prior to making any transactions and never click on a link or open an attachment within a message unless it is from a known source.
  3. Monitor your accounts to ensure that all transactions posted are authorized and accurate.
  4. Make sure your computer is up to date with malware and security settings.

If you’re a Needham Bank customer and you suspect there’s been fraudulent activity with one of your accounts, call 1-781-444-2100 or your local branch as soon as possible. If your card is lost or stolen, or you suspect unauthorized use, contact Needham Bank immediately at 1-833-337-6075. For international calls, please call 1-614-564-5105.