All of the terms below relate to methods used by fraudsters to trick you into revealing private/confidential information such as passwords, bank account numbers, credit card details, addresses and so on. On the surface they appear to victims to be genuine messages from trusted organisations. As well as potentially losing money, victims can have their identities stolen.
Phishing
Phishing is the term used to describe email scams that aim to steal personal information. The emails appear to come from well-known organisations – banks, building societies, shopping channels (e.g. Amazon).
Smishing
Smishing is when someone tries to trick you into giving them your private information via a text or SMS message.
Vishing
Vishing is a phone scam. A victim may be told that they owe money, or that their credit card has suspicious activity and needs to be shut down right away. The caller then says they first just need to “verify” personal information before they can close the card and issue a new one.
Pharming
Pharming is where someone has substituted a fake website for the original one. The fake website looks the same as the one the victim expects to be using. This allows the scammer to acquire all the data entered by the victim or to access the victim's network.
Whaling
A whaling attack happens when a scammer masquerades as a senior person in a company and directly targets other employees in that organisation. It is sometimes called ‘CEO fraud’. The methods used are similar to phishing and include email and website trickery. The aim is to persuade an employee to transfer money and/or hand over confidential and sensitive information, or to gain access to computer systems.
Spear phishing
Spear phishing happens when a scammer, disguised as a trusted individual, tricks a victim into clicking a link in a hoax email, text message or instant message. The outcome is that the victim innocently reveals sensitive information or installs malicious programmes (malware) on their network. It differs from a standard phishing attack because the victim is generally targeted with personalised emails, rather than the same email being sent to a number of people.
TO PROTECT YOURSELF: Do NOT click on links in letters and SMS messages, do not use unlicensed software, do not download software from unfamiliar websites, and do not trust every unknown caller. DO use trustworthy browsers and antivirus software on your computer and other devices (such as smartphones and iPads), do activate two-factor authentication if available, and always recheck the information you are being given.