Phishing, Smishing, and Vishing: What’s the Difference?

Phishing, Smishing, and Vishing: What's the Difference?

What is Phishing? 

Phishing is probably the most recognizable term in this list, as a lot has been done to bring awareness to these sorts of scams in recent years. If you haven’t heard of phishing, it is essentially when a fraudster impersonates a trustworthy source in a digital communication (such as an email) to obtain information of a sensitive nature. This can include login credentials for social networking and banking websites and even credit card information. Phishing is most commonly perpetrated by scammers over email. 

How to Spot a Phishing Attempt:

Watch for red flags in emails that could indicate an email isn’t from who you think. Phishing attempts often involve the fraudster impersonating someone you might know and asking you to do something urgently or feigning an emergency in the hopes that the emotional nature of the email will have you overlook important details like the sender email not matching the sender name. Less sophisticated attempts at phishing might include emails that have poor grammar or sentence structure. A poorly written email asking for something out of the ordinary can indicate something sinister is going on.  

Best Practices to Protect Yourself From Phishing: 

  • Never open an email from a sender you don’t recognize
  • Never click on an unsolicited link inside of an email
  • Double-check the sender address to see if the domain looks inauthentic

Receive our free guide

Want to Take Your Business Online?

In The Ultimate Guide to Getting Paid Online, we’ll run you through a whole bunch of ways your business can turn a profit on the web.

What is Smishing? 

Smishing is quickly becoming more common among scammers and is a form of phishing that relies on text messages to retrieve information. While many of us have become used to seeing unsavory-looking emails on a regular basis; untrustworthy text messages are something we are not so well conditioned to look out for. A good practice when it comes to smishing is therefore to never reply to a text message from a number you don’t recognize and to never click on a link embedded within a text. If the number looks funny right off, it may be best even to just delete it without opening it. If you do open some unfamiliar text messages, however, here are tactics employed by smishers you can be on the lookout for:

  • Posing as a collections agency threatening to hurt your credit score
  • Soliciting payments for an overdue service
  • Asking you to confirm banking information
  • Pretty much anything with a “click here”

SMS marketing is on the rise and it’s likely that people will receive fewer telemarketing calls and more text messages in the coming years. As a result, always exercise caution when clicking on a link or an offer that comes through your text inbox.

What is Vishing?

Even if you’re not familiar with the name of this particular form of phishing, you’ve probably heard stories of people falling victim to this ploy. Vishing is a scam whereby fraudsters call your personal phone number and threaten you with serious consequences if certain conditions are not met. While it used to be easier to avoid telemarketing and scam calls, nowadays, many of these calls appear to come from a local number so you are more likely to answer it. 

A classic example of this scam in Canada is the CRA scam which had a lot of traction in 2020. Scammers would call unsuspecting Canadians pretending to be a CRA agent and ask for tax money to be paid immediately. If people were not willing to comply so easily, these fraudsters would go so far as to threaten people with arrest by the RCMP. Some tips to avoid vishing scams are:

  • Don’t answer calls from unknown numbers
  • Never give out credit card information over the phone (unless you are confident you are speaking to a verified representative from your financial institution/insurance company etc. and you are the one who initiated the call)

Social Engineering Tactics

One of the key tactics of all forms of phishing is something referred to as social engineering. This is a technique whereby fraudsters gain people’s trust initially (just as a con artist would do in-person), and build rapport with their victims before executing their scam. Because some trust has now been established with the phisher, people may be more likely to comply with their requests.

Keeping Your Merchant Account Secure

To keep your merchant account, as well as your customers safe from scams and data breaches, here are some best practices for you to follow:

  • Never write down customer credit card information, use the Helcim card vault instead
  • Don’t click on anything suspicious in an email or text message
  • Use a different password for everything to do with your business
  • Use address verification or AVS 
  • Watch out for irregular activity like multiple failed transaction attempts, that could suggest stolen cards are being used at your store
We Are Helcim
We’re in the business of Better Payments.
Our merchants have all the tools they need to grow their business fast.

Learn More

Find out more about how to protect your account from fraud and the tools Helcim offers to help, like Helcim Fraud Defender by visiting our support page article on protecting your merchant account from fraud or talking with one of the Helcim Gurus today. You can also view our article on COVID-19 scams here.

Share on facebook
Share on twitter
Share on linkedin
Share on email
Share on facebook
Share on twitter
Share on linkedin
Share on email

Contact Us​.

We’re Always Happy to Help!

Our in-house team of Merchant Experience Specialists are here to share their knowledge, answer your questions and point you in the right direction. No commissions, no pressure.

New to accepting card payments? Many of our merchants are first time business owners who are unfamiliar with the industry. We take the time to help you understand how it all works as well as how to avoid common pitfalls.

Get In Touch

Toll-Free: +1 (877) 643-5246


Calgary Head-Office:

Suite 400 – 440 2 Ave SW

Calgary, Alberta T2P 5E9

Seattle Office:

Suite 4200 – 701 5th Avenue

Seattle, Washington 98104