indicatorBanking and Fraud Prevention

How to avoid phishing, vishing & smishing scams

We define phishing, vishing, and smishing scams and go over how to prevent them.

By ATB Financial 17 February 2023 3 min read

Confused about cyber security terms? Let’s debunk common fraud attempts, including phishing, vishing and smishing scams. What are they? How do you identify them? And, most importantly, how can you prevent them?

We’re here to help break down these three common cyber security scams so you’re equipped to identify and avoid them.

What’s phishing?

Phishing is when you get an email that appears to be from a legitimate organization, like a government agency or bank.


What’s vishing?

Vishing (voice phishing) is when you receive a phone call that seems to come from a legitimate organization.


What’s smishing?

Smishing, also called SMS phishing, is when you get a text that seems to come from a legitimate organization.


How to identify phishing, vishing and smishing scams

Now that you know what these terms mean, how do you know if you’re being scammed?

  1. Request to share verification codes: never share Two-Factor Authentication (2FA) codes with anyone, using text message (SMS) or over the phone.
  2. A common fraud tactic starts with a phone call from someone claiming to be from your bank’s fraud department. The number of caller ID might even match your bank's number. The caller informs you of suspicious charges on your account and may ask for sensitive information, such as your verbal password or card number, to verify your identity. 
  3. Inconsistencies in email addresses, domain names and links: look for email addresses that don’t match the contact’s usual email, links that don’t include the domain name or misspelled domain names. These inconsistencies point to a scam.
  4. Strange greeting and tone of voice: is a colleague addressing you too familiarly? Too formally? Does the person leaving the voicemail sound automated? These are red flags for phishing, vishing or smishing scams.
  5. An unusual request: if someone is asking you to do something that’s outside of the norm, there’s reason to distrust.
  6. Requesting credentials, payment information and other personal details: this is one of the biggest giveaways of a scam. Fraudsters can create fake landing pages and prompt you to login to your account to make an outstanding payment, for example.
  7. Suspicious attachments: received an attachment from an unfamiliar source? Weren’t expecting any files being sent your way? The attached file has an extension that’s associated with malware (.zip, .exe, .scr, etc.)? It may be a scam.
  8. Threats or a sense of urgency: if a message threatens you with negative consequences or demands immediate action, it should be treated with suspicion. Fraudsters hope to fluster you so you rush to act and miss other suspicious signs of a scam.
  9. Grammar or spelling errors: professional sources use spell check to make sure their communications are polished. If you see improper use of grammar and multiple spelling mistakes, that’s a red flag.
  10. Unsolicited communication: if you didn’t initiate the communication by opting into marketing communications with a company, then you should be suspicious.
  11. Unexpected offers or prizes: fraudsters will often prompt you to click a link or provide personal details by telling you that you’ve won a prize, qualify for a gift or get a discount on something.
  12. Vague messaging: fraudsters will use vague language to try to convince you that they’re legitimate. For example, a fraudulent message addressed from a colleague or boss could refer to “our previous meeting, where we discussed these confidential matters.”

Tips to avoid phishing, vishing and smishing scams

Some of these emails, calls or texts can appear very convincing, using logos or mimicking legitimate communications that you might expect. Remember that a reputable organization like ATB or a government agency will never ask for your personal information via email or text.

If you're ever uncomfortable providing your personal information on a call you've received, hang up and (on a landline wait for at least 30 seconds) call the number on the back of your client card. It's safer to share any sensitive information only during calls you initiate.

Pay close attention to the URLs you’re being asked to click on. If it doesn’t look right, chances are it is not.

If you get an email or text that seems off, do not reply, click on any links or unsubscribe to the emails, even if they threaten to close your account or limit your access. Report it to the organization who’s being spoofed by sending the email or a screenshot of the text as an attachment to the organization’s email, then delete the text message.

At the end of the day, the best defence against fraud is education. New fraud scams are emerging regularly. Knowing what’s out there equips you to identify suspicious communications and take the action to prevent being scammed.

Need help?

Our Client Care team will be happy to assist.