Phishing, Smishing and Vishing

Humans are the weakest link

What are phishing, vishing and smishing?

Phishing

Phishing is a method used by malicious actors to try to steal information from your employees. This usually happens via a fake email, for example a fake invoice sent to your administration. When the invoice is opened, your employee receives a message stating that they must first log in to view the invoice. The login page it points to is a fake website.

When your employee logs in, their user credentials (such as username, password, and/or other sensitive information) end up with the attacker. These details can then be used to log in to your network and steal company data.

Smishing

Smishing follows the same principle as phishing. However, this method makes use of an SMS message. This fake SMS can send the user to a fake website where an attempt is made to steal login credentials or other sensitive information.

Vishing

Vishing is a technique in which the victim is called and an attempt is made to obtain sensitive information. The caller will often pose as someone from an IT department or another authority. A common example of this is someone who calls you claiming to be from the Tax and Customs Administration. The caller tries to convince the victim to transfer money or log in via DigiD, thereby granting the criminal access.
