Attorney General Ford Advises Nevadans to Protect Themselves from Phishing, Smishing and Vishing


March 10, 2022

Carson City, NV – As part of National Consumer Protection Week, Nevada Attorney General Aaron D. Ford warns Nevadans to be on alert for fraudulent messages designed by scammers to appear as though they are coming from legitimate sources.  

Consumers have likely heard of phishing emails — scam emails that look like they are from a company or government entity that consumers know and trust, such as banks, credit card companies social networking sites, online stores or the DMV, but are actually fraudulent and designed to trick consumers into giving away their personal information. However, scammers are adapting to new technology and have developed new ways of scamming consumers out of their personal information. Two of the most prominent new types of phishing scams are referred to as smishing and vishing.

“Scammers are adapting to new technology and using new strategies all the time,” said AG Ford. “Smishing and vishing scams are perfect examples of scammers taking all of their old tricks used in phishing emails and applying them to different mediums.”

Smishing, a combination of “SMS” and “phishing,” is phishing via SMS text messages. In this situation, a person will receive a text message, usually appearing to be from a company the person already has a business relationship with such as the customer’s bank. These texts often include a link created to solicit some sort of urgent response from the customer such as claiming a prize, claiming a tax refund, confirming a delivery or purchase or protecting an account. The goal of a smishing scammer is to get the customer to provide personal identifying or account information or link to malware. 

Vishing, a combination of “voice” and “phishing,” is phishing performed through a phone call. A scammer will make a vishing phone call and pose as a trusted source such as a bank in order to elicit personal or login information from a person. Often, a vishing call will come after a phishing email or a smishing text in order to bolster the legitimacy of the fraudulent email or text because a live person is calling. For example, a customer may receive a fraudulent text that appears to be from their bank claiming their account has been compromised. Then the customer gets a vishing call from a scammer posing as a bank representative and they are more likely to disclose personal account information Vishing perpetrators often use fake caller ID, or “spoofing,” to make the call seem like it is coming from a legitimate source. 

These scams are trending upward, with the FBI’s Internet Crime Complaint Center (“IC3”) reporting that they received 241,342 complaints in 2020 and the Anti-Phishing Working Group (“APWG”) reporting a record breaking 245,771 complaints in 2021. These scams can result in large amounts of money lost, with the Federal Trade Commission (FTC) reporting that US consumers lost $86 million through scam text messages in 2020.  Additionally, there has been an increase in reports that scammers will ask for gift cards as a mechanism to get money.  

With phishing, smishing, and vishing on the rise, the Office of the Nevada Attorney General urges you to stay on alert for the following red flags when you receive an email, text or phone call: 

  • Bad spelling or grammar: If you see any misspellings or bad grammar in an email or text message, even if it otherwise appears to be from a legitimate source, it is likely a phishing email or smishing text. 
  • Slight alterations in the URL or mismatched links: When you receive an email or text from a company or entity, look carefully at the spelling in the URL. It can be hard to catch, but often these URL links will have one or more letters missing or out of place. Similarly, if the link you see in the message is different than the link you will be sent to (you can find the actual link in an email by hovering over the link with your mouse without clicking on the link), it is likely a fraudulent message. 
  • Something looks off about the logo or website: Many phishing, smishing or vishing communications will try to send you to a fake website. Be skeptical of these websites and look closely — you will often be able to find something off about the website which is a red flag it is counterfeit.
  • Lack of personalization: If the email or text uses a general salutation or no salutation at all, be on alert that this may be a scam. Usually, your bank or someone you have done business with has your name or other identifying information.
  • Out of place requests for personal information: A company you have worked with before would not call or send an email or text asking for information they already have. Be suspicious if communication from an alleged trusted company asks for sensitive information such as user IDs or passwords, financial account numbers, health information and social security numbers.
  • Urgent calls to action: If a message or call requests that you act urgently, it is a good indicator of a phishing, smishing or vishing communication. These scammers want you to get into a heightened emotional state so that you are less likely to think through your actions.
  • Suspicious attachments: Do not open an attachment to an email from a sender you do not know personally, even if it looks like it is coming from a legitimate company.

If you have been a victim of a phishing, smishing or vishing scam, you may file a complaint with the Federal Trade Commission and the Office of the Nevada Attorney General. Include as much information as possible with your complaint, including any information you have about the person or entity that contacted you, including phone numbers, emails and websites.

###