It sounds like the title of a nursery rhyme you’ve never heard of, but phishing, smishing, and vishing are the most prevalent methods of identity theft likely to affect your customers.

Your business relationship could be at risk too in the event that it’s your information cache that was stolen and used to defraud them.

Phishing, Smishing and Vishing

While you can’t do much to prevent the inevitable attacks that may descend upon your clientele, you can certainly keep them informed about these criminal tactics and increase the chances that they won’t be victimized.

The three different words are really a way to divide what’s virtually the same scam but by the device or devices used to achieve it. Essentially phishing is strictly via email, and is probably the one you’re most familiar with.

Smishing is performing the same scam but through text messages and vishing is integrating traditional telephone use into the performance.

They’re all the same in that the goal of all three is to pretend to be the potential victim’s trusted financial institution and talking them into giving away their personal finance information.

The first tip you can forward to your customers is to simply never provide their financial information to anyone via email and text message, period.

The phone as well, but an exception can be made if they’re the ones making the phone call. Oftentimes with email and text the language and graphics and what not can make them look very legitimate and replying with sensitive information seems acceptable.

Make the rule simple: don’t ever give out your information over electronic means, unless you are the one initiating the conversation.

The second easy thing to remember that’s worth telling others are always be on the look out for discrepancies. These aren’t easy for everybody to notice, but oftentimes these scams originate outside the country and English is not the perpetrator’s native language.

The result is often questionable language and phrases that simply don’t add up to what you tend to expect from a bank or credit card company.

Make it clear to them that if either of these institutions were to in fact contact them, it will be in the most professional and polished way possible, because that’s simply the benchmark for established business (no bank worth its salt is ever going to send out an un-proofread email asking its customers to send back their account numbers.)

Finally recommend ways for them to do a little of their own detective work, because if anything motivates people to unknowingly allow themselves to be victimized this way, it’s the uncertainty as to whether or not it was a legitimate contact.

Suggest reverse phone lookup for potential vishing activity, or tell them to copy and paste a suspicious email into Google. Oftentimes others have too and a mass email scam will reveal itself pretty quickly.

Don’t undervalue this kind of proactive business practice, even if you aren’t at risk yourself. If it’s your database that’s broken into and your customers are victimized, they might take it out on you. Don’t say “I told you so”, but don’t get caught saying “I should’ve warned you” either.