Phishing, Smishing, and Vishing: The Digital Scams to Watch Out For in 2025

In 2025 – with increasingly sophisticated AI and inventive personalised scams – complex digital attacks are on the rise. At the beginning of this year, the National Crime Agency reported that online scam numbers now make up more than half of all fraud cases, citing that “67% of fraud reported in the USA is cyber-enabled.”

Many of us are aware that these dangers exist, but as technologies and scammers evolve, it can be hard to keep on top of the latest online fraud tricks and internet scams. Stay ahead of evolving cyber security threats with actionable tips and real-world examples to help you identify, and avoid falling victim to, manipulative digital attacks.

What is Smishing and Vishing and Phishing?

When it comes to online fraud prevention, it’s important to know exactly what to look out for. But what is smishing and phishing? You may have heard of phishing, meaning email scams – smishing is the same type of online scams, but over text message instead. Vishing, on the other hand, is via phone call. Ultimately, all have the same aim – they’re designed to infiltrate networks, gain personal information and extract money. 

• Phishing: fake emails that try to steal your data or convince you to send money
• Smishing: mobile scams through SMS or text messages
• Vishing: meaning phishing through voice calls or phone scams

What are the Four Types of Phishing?

While the three mentioned above – phishing, smishing and vishing – are the most well-known, there is a fourth type of digital scam: spear phishing. It’s email phishing, but specifically targeted to the recipient and appears to be from legitimate senders: someone you know, or a company you use regularly.

The Four Types of Phishing are:

• Phishing 
• Spear phishing 
• Smishing
• Vishing

What are the 4 P’s of Phishing?

The 4 P’s of phishing refer to the tactics used to trick victims in online scams:

• Pretend: scammers pretend to be a person you know, an organisation or trusted company such as your bank or HMRC, to try and gain your trust.
• Problem: they’ll claim there’s a problem that needs your attention – a security breach or an overdue tax bill.
• Pressure: the message may contain calls to act instantly or refer to a deadline like “act before your account is suspended”. You’ll feel like you have to act quickly, which could mean you don’t fully think it through. 
• Pay: this is the end goal – whether you click on a link that leads to a malware download or a malicious site, provide sensitive information like passwords or bank details, or even make a payment.

Want to know more on what to look out for? It’s good practice to get used to recognising online scams, and spotting suspicious-looking messages is the first step. For example, if you were asked which of the following emails is most likely a phishing attempt – which would you choose?

1. Your bank requesting your password.
2. A HMRC email with the subject line “Immediate action required”.
3. A parcel company claiming you need to pay charges before they can deliver your order.
4. Your car insurance provider encouraging you to update your information addressing you as “account holder” and containing some obvious typos.
5. A brand you frequently shop with promoting an unbelievable offer if you follow the link.

The answer is actually: all of them. Every one of the above is a common type of phishing tactic which scammers frequently use. 

Phishing Scams 2025

The good news is that avoiding phishing attacks can be easy, once you know how. In their identity theft protection effort, the National Cyber Security Centre advises to look out for the following telltale signs:

• Urgent or threatening language – encouraging you to “act now”.
• Requests for personal information – most companies will never ask you for passwords or pin numbers.
• Suspicious links or attachments – hover over the link to see where the link will take you. Unless you recognise it as a legitimate website, don’t click on it.
• Spelling and grammar errors – a sign of unprofessionalism, something reputable companies avoid.
• Generic greetings – most brands will use your name.

And, it’s not just email phishing that these apply to. You’ll find similar scams being used over text messages and calls, too.

What is Smishing?

Smishing is phishing over SMS or text message. But what might an example of smishing phishing look like? Much like emails, it can be any message claiming to be from a trusted source. 

Smishing scams 2025:

• A fake text claiming to be from your bank asking you to click a link to “verify your account”.
• A message purporting to be a delivery company “unable to release your parcel unless you pay a charge”.
• AI-personalisation creating convincing messages that reference your name or other personal information, or social media posts.

Many people ask: “is smishing the same as spoofing?” And while they aren’t the same, spoofing is a type of smishing. While smishing is the act of sending texts to scam you, spoofing is specifically the act of faking a sender’s identity, pretending to be a company you use or a person you know.

What Happens If You Click on a Smishing Text?

If you open a link in a smishing text, it might download malware or direct you to a fake site that steals your login details. Anti-virus company Norton share what can happen, including:

• Data exfiltration: if a phishing link infects your device with malware, an attacker may be able to transfer data from your device to a remote account in order to steal personal files and information.
• Keystroke logging: this software records what you type on your device, meaning it records sensitive information like your passwords and credit card information and sends it to the scammer.
• Remote control access: this allows hackers to remotely control your device. They may be able to track your activity, access files, or use your webcam to take screenshots or record you.
• Takes you to a spoofed website: essentially a faked website that may look very close to its legitimate counterpart. This may trick you into entering personal data like banking details or passwords, which hackers can then steal.

What Should I Do If I Get a Smishing Text?

If you’ve received a smishing SMS, take steps to protect yourself:

1. Don’t click on any links.
2. Don’t provide any personal information.
3. If you’re unsure, use official contact information to get in touch with the company to verify the message.
4. If you think it’s a scam, report and block the sender. 

How to report a scam? The National Cyber Security Centre advises: ‘Most phone providers are part of a scheme that allows customers to report suspicious text messages for free by forwarding it to 7726’.

What is a Vishing Scammer?

Vishing is phishing over a phone call, or voice call. Someone may phone you pretending to be from a trusted company or bank, to try and trick you into giving personal information. And what about a vishing example? Just like phishing and smishing do, they may say you need to update your details, or urgently pay a fee.

Vishing scams 2025:

• A scammer calls pretending to be your bank, saying there’s “suspicious activity” on your account and asking for your card number.
• You get a call from a friend asking for an urgent loan as they’re stuck somewhere and unable to get home.
• A caller claims you’ve won a competition, but you need to pay a fee before they can release the prize.