Smishing, Phishing and Vishing: cyber security for remote working


Read time

Cyber security risks have increased globally since the pandemic. This is due to more people working remotely, which in turn has created more opportunities for criminals to steal data from people and companies for profit, knowledge or disruption.

Three types of cyber attacks that are becoming increasingly prevalent are Smishing, Phishing and Vishing; these attacks can cause serious damage to you personally and your business.

What you can do to protect yourself and your company:


What is Smishing?

These are mobile phone text messages that pretend to be from reputable companies to trick individuals into revealing personal information, such as passwords or credit card numbers.

Common messages to look out for are often subjects sent as Banking, PayPal, HMRC, NHS, TV Licencing, Couriers and COVID-19.

If you receive a suspicious text;

  • Do not respond to the sender or click on any links.
  • Take a screenshot of the text message and forward it to your technical support team for them to verify.

If the sender is someone you know, contact the person using a different contact number and check if the message is valid.


What is Phishing?

These are email scams that are sent to cause business disruption, as well as financial and reputational damage to organisations and individuals. 

Phishing emails aim to trick individuals into:

•    Disclosing sensitive or confidential information; 
•    Entering information on a fake website they’ve been redirected to;
•    Clicking on a malicious link;
•    Opening a malicious attachment; or 
•    Sending a payment or completing some other action they wouldn’t ordinarily do.

These emails often look authentic and can even appear to be from a colleague or personal contact.

If you receive a suspicious email; 

•    Do not respond to the sender or click on any links.
•    Be wary of urgency or deals too good to be true – they usually are.
•    Forward the email to your technical support team to confirm.
•    Delete the email.

If the sender is someone you know e.g. an organisation such as your bank, contact them using their customer service channels to verify.


What is Vishing?

The word 'vishing' is a combination of 'voice' and 'phishing'. However, instead of using email, text messages or fake websites like phishers do, vishers use a regular telephone or mobile to call and attempt to extract information.

If you receive a suspicious phone call;

  • Do not give the caller any information. You should never give out anyone's contact details without their permission Instead, ask for the callers contacts details and tell them you will pass on their request.
  • Forward the telephone number to your technical support team for them to verify.


For further guidance on managing cyber risk, please visit our webpage for more information.

Kathryn Brown

Kathryn is responsible for Howden’s cyber offering, working with a number of businesses to manage cyber risk and implement the right risk transfer solutions. Kathryn is an ACII qualified Chartered Insurance Broker - and with over 10 years’ experience in the industry, there isn’t much she hasn’t seen.