Emerging Mobile Threats: Smishing and Vishing

Smishing and vishing are new forms of cyberattack, and they threaten millions of Americans daily. In 2020, according to the Federal Bureau of Investigation, these attacks cost Americans more than $50 million, and those costs are expected to rise significantly.

Both smishing and vishing are forms of phishing; however, smishing scams are conducted via text messaging. Crafty phishers send texts appearing to be from trusted senders, such as banks and online retailers. These messages typically contain URLs or links that trick recipients into visiting websites that download viruses and other forms of malware onto the victim’s mobile device.

Vishing — a combination of the parts of the words “voice” and “phishing” — is the telephone version of phishing. This technique uses a spoofed caller ID to make attacks look like the call originates from a known number or perhaps an 800-number that might compel you to answer the phone.

Avoid smishing and vishing scams and keep the USPS® network secure with these tips:

n Do not click. Do not open any link or attachment from a telephone number you do not have saved in your contacts list or from a sender you cannot verify.

n Filter messages. Filtering unknown senders will block notifications from unsaved phone numbers, which decreases the likelihood of falling for a smishing scam. To filter unknown numbers, follow these steps:

n Apple users: Go to Settings > Messages and toggle on the “Filter Unknown Senders” option. This will create a new tab in your Messages app called “Unknown Senders.”

n Android users: Go to Settings > Spam Message Settings and select the “Block Unknown Senders” option.

For more information about smishing and vishing, visit the CyberSafe at USPS® pages on Blue (blue.usps.gov/cyber) and LiteBlue (liteblue.usps.gov/cyber).