We touch upon industry news, share our views, and shed light on technology trends.

What smishing and vishing attacks mean for your SMB

The “new normal” is projected to see businesses’ increased reliance on cloud-based solutions, and with it, more numerous and sophisticated cyberattacks. But not all cyberattacks that target small- and mid-size businesses (SMBs) are about shutting down systems or withholding data for ransom.

SMS phishing (smishing) and voice phishing (vishing) attacks prey on human error to trick employees into installing malware or divulging sensitive information. Here’s why you should be wary of them.

What are smishing and vishing attacks?

There are types of phishing attacks, or attempts to trick victims into visiting a malware-ridden site or getting them to disclose critical business data. They do so by pretending to be trustworthy entities such as banks or foundations, using convincing language to push potential victims into doing what they want.

But while all three rely on human emotions to drive victims into urgent action, their modes of delivery differ. Phishing attacks are sent via email, smishing attacks lure victims via SMS message, and vishing attacks use voice message to scam people.

According to cybersecurity authority CSO, phishing attacks accounted for more than 80% of reported security incidents in 2020, with $17,700 lost every minute due to these attacks. Email is still the primary mode of delivery of these scams, but smishing and vishing are also on the rise.

How to prevent smishing attacks

Smishing attacks are successful because some legitimate institutions do use SMS to reach out to their customers. Banks, for instance, send out occasional reminders about system maintenance. On top of this, SMS has a higher open rate than emails: people are more likely to open a text message than an email.

To avoid smishing scams, follow these tips:

  1. Don’t reply to messages from senders who are not in your contact list.
  2. Do not click on any link sent to your mobile phone, especially if you don’t know the sender. And if you do know the sender, always double-check with them if they had sent the link intentionally.
  3. Never install apps sent via text messages even if they appear to be from legitimate game developers. Only install apps through official channels, like the App Store or the Google Play store.

How to prevent vishing attacks

Vishing attacks are usually well-researched scams that namedrop high-ranking company officers, government agencies, or well-known vendors to build trust. Voice scammers also often use recorded messages or voice changers to hide their identity.

To avoid getting scammed by vishers, follow these precautions:

  1. Be wary of calls from unknown numbers, but don’t rely too heavily on caller ID either. There are caller ID services that allow users to choose a display name when they make a call, and scammers can exploit it to display the name of official entities.
  2. Don’t respond to requests for details. If the caller asks you to reveal sensitive information, hang up.
  3. If you receive a suspicious call instructing you to wire money, transfer the call to the person in charge of managing financial approvals. Genuine authorities will appreciate you taking time to verify the transaction, while scammers will most likely find an excuse to terminate the call.

What these scams mean for your SMB

Smishing and vishing attacks prove that criminals will exploit every opportunity to one-up SMBs, so you must remain vigilant at all times. Train your employees to identify scams, which is especially necessary for a remote workforce that doesn’t have immediate support or backup. All workers must be able to identify, probe, or handle any malicious phishing activity.

It also helps to establish a company policy that clearly indicates who is allowed to request certain information, who is authorized to approve such requests, and through which channels requests should be made.

Employ a zero-trust policy to restrict particular information from employees so that they have access only to information that concerns them. This way, even if an employee from the sales department receives a call asking them to divulge finance-related logins, they won’t be able to tell the caller anything because they don’t have the information to begin with.

Beef up your IT security by partnering with a local technology company that keeps smishers and vishers at bay. Midwest Data Iowa is a trusted IT partner of businesses in southwest corner of Iowa, and we’ll keep your systems protected with 24/7 proactive tech solutions. Contact us today.

Rock Port Office

214 S. Main | Rock Port, Mo 64482


Maryville Office

206 E 3rd St | Maryville, Mo, 64468


St. Joseph Office

518 Felix St. Suite 200 | St. Joseph, MO 64501