Skip to main content

What is vishing and smishing?

Telephone scams, often called 'Vishing', are when fraudsters use phone calls to masquerade as a legitimate person or organisation in an attempt to trick people into following out instructions that can lead to personal or sensitive information being stolen or financial loss.

Scam messages received through SMS text or another messaging or chat platform is referred to as 'Smishing'.

A lot of these scam calls and messages use fake ('spoofed') numbers and might even appear to be locally-based.

What to look out for

Vishing comes in many different forms. Some may pretend to be from popular companies like Amazon (Prime) or PayPal or they may claim to be from your bank, a fictional fraud department and even Government authorities like the National Crime Agency.

Smishing messages are received unexpectedly and may even appear to come from a friend, family member or colleague. These messages will usually try to get you to act urgently, often by creating worry or will offer something too good to be true, such as being a competition winner.

As with smishing, urgency is usually key to tricking people into acting on the requests of the fraudster.

Some examples of smishing and vishing scams may include the following requests or information:

  • Buying a replacement phone for a son or daughter who has supposedly broken it
  • Purchase gift cards
  • Move money to a 'safe' account
  • Pay a 'release fee' in return for larger sums of money (e.g. competition scams)
  • Let someone remotely-access your computer device to 'fix an issue' by downloading software
  • Asking you to share a security code that would be sent to your device.

Things to keep in mind...

  • Organisations will not call out-of-the-blue and ask to access your computer, device or bank account.
  • Robocalls, when you lift the receiver and an automated message plays, are commonly-used by scammers and rarely used by legitimate organisations.

  • Banks and organisations will never ask you to move money into a 'safe' account.

  • Never give out your whole PIN, secret phrase or any other security code to a caller or in a message.

  • When calling an organisation after receiving a suspicious call, use a different phone if possible as some scammers have been known to keep the line open after hanging up and pretend to be the legitimate organisation. If you can’t use a different phone, wait at least 10 minutes before making a call.

  • The Police will never tell you that they are investigating someone and need help by asking you to lie to your bank.

  • If you have been the victim of a scam, contact your bank immediately. Please also report what has happened to us on our website.

Have you received a scam?

  • If ever in doubt about a call, hang up and use a known-number for the legitimate organisation or, if you have an online account with the company, log in and make contact that way.

  • If you have lost money, contact your bank as soon as possible.

  • If you have given a scammer access to your computer or device, run a full system scan using your anti-virus software and follow any instructions given. Make sure any remote-access software has been removed.

  • If you have provided information such as your password, change your password for all accounts using that the same or similar If you are struggling with keeping so many passwords, please see the UK's NCSC guidance on creating passwords. Another option for managing your passwords could be to use a Password Manager application on your device.

  • Report it to us using our Cyber Concerns Online Reporting Form. Reporting telephone calls and messages helps us to understand the local threat-landscape so we can get appropriate warnings sent out to Manx residents and businesses. Where possible, we will also try to provide assistance to you.


This page was last reviewed 01/08/2023