
All the “Ishings” Trying to Scam You

Scammers gonna scam.
The concept of phishing has spawned a variety of "ishing" terms. They represent different ways scammers try to achieve a common goal: to scam you. I'll review what they all mean.
The "ishings":
(Image: ChatGPT)
Question: I get phishing, but what’s quishing or vishing?

Gotta love technology, where not a day goes by that we don’t make up a brand new word.

What matters most is that you understand the technique each word represents, since they are all attempts to fool you into giving up your accounts, your identity, and/or your money.

Let’s define the “ishings”.


TL;DR:

The many ways of scammers

Phishing, smishing, vishing, quishing — they’re all sneaky scams trying to trick you into giving up personal information, money, or account access. Whether it’s by email, text, phone, or QR code, the key to staying safe is to remain skeptical and double-check before you click or reply.

Phishing

This is probably the one you’re most familiar with.

A phishing attempt tries to fool you into clicking a link that takes you to a malicious website. It typically includes several characteristics.

  • It appears to be from a reputable source, like your bank, a shipping company, the government, or some other official entity you recognize.
  • The message almost always includes a sense of urgency: you need to take some kind of action soon or risk some kind of loss.
  • That action usually involves clicking on a link provided in the message.
  • That link takes you to a malicious, fake website designed to look like the official site you expect.
  • That fake website instructs you to fill in some kind of sensitive information. It could be as simple as looking like you’re signing into a service you already use, or it could be a payment page or something else. Because it’s all fake, you’re handing sensitive information to a scammer.

Phishing refers to scam attempts via email.

Spear phishing

In general, phishing is a game of numbers. The scammer casts a wide net and captures anyone who falls for the scam. There’s no effort to choose who gets scammed.

Spear phishing uses the same techniques but targets a specific individual or group of individuals.

This is more common in corporate or similar environments. Spear phishing allows the message to be highly personalized to help fool the intended recipient. It’s one of the ways data breaches happen. An unsuspecting employee falls for the bait, and the scammer gains access to corporate resources.

Smishing

Smishing is SMS¹-based phishing. In other words, it uses text messages to fool you.

Once again, the goal is typically to get you to click or tap a link taking you to a malicious website. On mobile devices, it can also be an attempt to get you to download and install malware.

The single most effective approach to dealing with smishing is to ignore any text from someone you don’t know. This also protects you from a variety of other text-based scams.

Quishing

Quishing is QR-code-based phishing.

For example, if there’s a QR code posted in a public place — perhaps to get more information about an upcoming event — scammers can print their own QR codes on stickers and paste them over the original. The replacement QR code leads you to a malicious fake website that collects data from you.

A more specific example I heard of recently is on-street parking. Some parking lots have you scan a QR code on the parking meter to download the associated app, which you then use to pay. Scammers replace that code with one of their own, which behaves exactly the same way… except they take the money, and you get a ticket for not having paid for your parking.

Unfortunately, quishing can be difficult to detect and avoid.
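
Whether a link arrives in a phishing email, a smishing text, or a scanned QR code, the useful question is the same: which site does it really go to? The Python below is an added example, not part of the original article; the trusted-domain list and the sample links are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): sites you already use, entered by you.
TRUSTED_DOMAINS = {"examplebank.com", "cityparking.example"}


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (is_trusted, reason) for a link from an email, text, or QR code."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # the site the browser connects to, lowercased
    except ValueError:
        return (False, "malformed link")
    if parts.scheme != "https" or not host:
        return (False, "not a secure web link")
    if "@" in parts.netloc:
        # Anything before '@' is a user name, not the site being visited.
        return (False, "site name hidden behind '@'")
    host = host.rstrip(".")
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        # Letters from other alphabets can be near-perfect copies of a-z.
        return (False, "lookalike characters in site name")
    for domain in trusted:
        # Ownership is decided by the END of the name, not the beginning.
        if host == domain or host.endswith("." + domain):
            return (True, "belongs to " + domain)
    return (False, "unknown site")


# Constructed sample links, as they might appear in a message or QR code.
SAMPLES = [
    "https://www.examplebank.com/login",                     # genuine
    "https://examplebank.com.account-verify.example/login",  # name used as a prefix
    "https://examplebank.com@login.example/",                # name placed before '@'
    "https://ex\u0430mplebank.com/login",                    # Cyrillic 'a' in the name
    "http://www.examplebank.com/login",                      # unencrypted
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_link(link), link)
```

Only the first sample passes; the other four all contain the text "examplebank.com" somewhere, which is exactly why reading the link by eye is unreliable.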

Vishing

Vishing is voice-based phishing.

You get a call from someone claiming to be from a trusted authority. The goal, like any of the “ishing” attacks, is to get your personal information, including credit card information, and steal your money or worse.

The so-called “tech support scam” is a great example of vishing. You get a call from someone claiming to be from your ISP or Microsoft or some other computer-related company, telling you that your computer is causing problems. They trick you into giving them access to your computer, at which point they harvest all the personal and account information they can.

Do this

The single best way to avoid getting “ished” is to remain skeptical at all times and take nothing at face value. Ignore calls and texts from people you don’t know, and be extra cautious when dealing with email notifications of any sort.

Footnotes & References

1: Short Message Service