Skip to main content
In light of recent global events, there is a heightened risk of cyber-attacks. We urge local organisations to exercise additional vigilance when monitoring IT infrastructure. Please report suspicious activity to us via our Cyber Concerns Reporting Tool.
Report Here

What is 'vishing' and 'smishing'?

'Vishing' is when fraudsters use phone calls to masquerade as a legitimate person or organisation in an attempt to trick people into following out instructions that can lead to personal or sensitive information being stolen or financial loss.

Scam messages received through SMS text or another messaging/chat platform is referred to as 'smishing'.

A lot of these scam calls and messages use fake ('spoofed') numbers and might even appear to be locally based.

If ever in doubt about a call, hang up and use a known number for the legitimate organisation or, if you have an online account with the company, log in and make contact that way.

What to look out for

Smishing messages are received unexpectedly and may even appear to come from a friend, family member or colleague. These messages will usually try to get you to act urgently or will offer something too good to be true, such as being a competition winner.

Vishing comes in many different forms. Some may pretend to be from popular companies like Amazon or PayPal, or they may purport to be from your bank, fraud department and even Government authorities like the National Crime Agency.

As with smishing, urgency is usually key to tricking people into acting on the requests of the fraudster.

Some examples of smishing and vishing scams may include requests to:

  • Purchase gift cards
  • Move money to a 'safe' account
  • Pay a 'release fee' in return for larger sums of money (e.g. competition scams)
  • Let someone remotely access your computer device to 'fix an issue'.
  • Share a security code sent to your device

Things to keep in mind...

  • Organisations will not call out of the blue and ask to access your computer, device or bank account.

  • Banks and organisations will never ask you to move money into a 'safe' account.

  • Never give out your whole PIN, secret phrase or any other security code to a caller or in a message.

  • When calling an organisation after receiving a suspicious call, use a different phone if possible as some scammers have been known to keep the line open after hanging up and pretend to be the legitimate organisation. If you can’t use a different phone, wait at least 10 minutes before making a call.

  • If you have been the victim of a scam, contact your bank immediately. You can also report it to us on our website.

If you think you have been the victim of a vishing or smishing scam:

  • If you have lost money, contact your bank as soon as possible.

  • If you have given a scammer access to your computer or device, run a full system scan on your anti-virus software and follow any instructions given. Make sure any remote access software has been removed.

  • If you have provided information such as your password, change your password for all accounts using that password. Struggling with keeping so many passwords? See the UK NCSC guidance on creating passwords here: https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0 

  • Report it to us using our Cyber Concerns Online Reporting Form - This enables us to understand the local threat landscape so we can get appropriate messaging out to residents and businesses. Where possible, we will also endeavour to provide assistance.

Downloadable documents

Vishing Alert (Guidance Poster) (PDF)