← All articles

Smishing and vishing: phishing by SMS and phone call

GottaPhish Team · May 27, 2026

Phishing doesn't only arrive by email. Increasingly, scammers reach people through text messages and phone calls — two channels most of us instinctively trust. Understanding how these attacks work is the first step to staying safe.

What is smishing?

"Smishing" is phishing that arrives as an SMS or text message. Because texts feel personal and urgent, people tend to react quickly — which is exactly what the scammer wants.

Common examples include:

The link usually leads to a convincing fake website that captures your login details, card number, or personal information.

What is vishing?

"Vishing" is phishing by voice — a live phone call or a voicemail. The caller often pretends to be from your bank, a delivery company, tech support, or even a government office.

The goal is always the same: create pressure so you act before you think.

Typical tactics include claiming your account has been hacked, that you owe money, or that you must "verify" your identity by reading out a code or password. Some scammers now use AI-generated voices to imitate a real person you know.

Warning signs to watch for

You don't need technical skills to spot most of these attacks. Slow down and look for the red flags:

The one-time code trap

Be especially careful with the six-digit codes sent to log in or confirm a payment. A scammer who already has your password may call and ask you to "read back the code we just sent." Handing it over lets them straight into your account.

What to do instead

The safest habit is simple: stop, and verify through a channel you trust.

If you think you've been caught

Mistakes happen, and acting fast limits the damage:

Reporting isn't about blame — it helps protect everyone else who might receive the same scam.

How GottaPhish helps

Smishing and vishing exploit the trust we place in texts and phone calls, reaching people on channels email defences never see — and GottaPhish, together with our expert support team, helps you address exactly that. Our realistic simulations include SMS and voice-style scenarios so employees learn to spot the pressure tactics behind these attacks in a safe, no-blame environment, backed by practical awareness training and clear dashboards that track progress over time. Our support and experts team works hands-on with you to design believable scenarios, set up campaigns, and interpret the results, so your whole team stays alert across every channel.