Trying to minimize the risk of vishing and smishing takes awareness and safe practices. Vishing and smishing are forms of phishing that occur via phone call or text message. The tactics implied are based on manipulation and social engineering. Scammers look for bank account numbers, codes and passwords saved on smartphones to steal identities and financial resources. They also collect lists of phone numbers from the dark web or take advantage of companies that had sensitive data breached.
According to Social Engineer, a website that covers all aspects of social engineering, vishing is done using the "(...) practice of eliciting information or attempting to influence action via the telephone."
Smishing is a fraudulent text message that consists of a URL or a call back phone number. The "smishing" term comes from SMS (short message service) and phishing. Smishing attacks exploit SMS messages in which people are tricked into giving out their information. This scheme dates to 2004 and since then it evolved throughout time along with cell phones.
How to identify vishing and smishing?
Vishing has many faces, from fake IRS agents to court clerks. In addition, scammers will pose as immigration officers, attorneys, bank representatives, telemarketers soliciting business and fundraisers. They use false names and spoof caller IDs to seem credible. Scammers can't take "no" for an answer and will go to great lengths to get what they want. For instance, the victims in an IRS scheme will receive arrest threats, while impersonators solicit business too good to be true.
On the other hand, smishing fraud brings con artists one step closer to their victims. One click can give them complete control over cell phones. Examples of smishing are an Apple ID reset or a delivery notification from a known brand.