top of page
  • Lo Furneaux

What are Phishing, Vishing and Smishing?

Report your lost or stolen cryptocurrencies, NFTs or other digital assets

A large part of protecting your cryptocurrencies, non-fungible tokens (NFTs) or other digital assets from being lost or stolen is understanding the common types of scams being used to take them.

Phishing, vishing and smishing attacks are social engineering techniques that are often used by hackers who want access to the personal, financial or technical information that will allow them to steal your identity, your access or your digital assets.


Phishing attacks are when hackers use email messages designed to trick you into clicking on a fraudulent link or confirming sensitive information, like your date of birth, seed words or wallet address.

Hackers that use phishing attacks will often pose as trusted authority figures like police officers, government officials or even Asset Reality employees! They’ll often use urgent language and threats of negative consequences to force you to act quickly without thinking.

Spear-fishing is a tailored method of phishing aimed at a specific target, like senior staff members and new or low-level employees. The scammer will have learned certain detailed information about the target, making their scam more believable and much harder to spot. There is also Whaling, an advanced form of spear phishing that targets high-profile individuals like CEOs, celebrities or government officials.

How to Avoid Phishing

Stop and think before you do anything.

Check the email address on every message you receive very carefully. Pay close attention to the spelling, check for any unexpected numbers or symbols and make sure that the domain is still intact (.com, or .org etc.)

Set up 2-factor authentication (2FA) with an authentication app on all of your email accounts for an extra layer of security. You should also install reputable anti-virus software onto your devices and keep it fully updated.

Avoid clicking on any suspicious links, especially if they have been sent from an unfamiliar or unexpected source, and do not open any attachments as they may be used to scam you further. If you receive an email that you suspect is fraudulent, please forward it to and delete it without opening it.


Vishing attacks are when hackers try to use telephone calls or voicemails to steal your information. They’ll often use pre-recorded lines or robocalls and pretend to be representing a legitimate business. These calls will usually claim to help you with urgent and time-sensitive issues like compromised credit cards, medical issues or a recent car accident.

How to Avoid Vishing

Be suspicious of any unsolicited calls.

Don’t give out any personal, technical or financial information on incoming calls. If you do need to speak to the business being represented, always hang up and contact the organisation directly using official channels.

You may wish to sign up for your local area’s Do Not Call Registry or the Telephone Preferential Service from BT to block calls from known scammers.

Get into a habit of googling unfamiliar numbers before answering or calling back as the majority of vishing scams will have already been reported online by other victims. You can use several websites to verify how many reports have been submitted for a specific phone number.


Smishing attacks when hackers will use text or social media direct messages to try and steal your personal, financial or technical information. They will often contact suspicious links to malicious websites.

How to Avoid Smishing

Stop and think before you do anything.

Do not respond to unrecognised numbers. Sending any response will alert the scammer that your number is active and open you up to other hacking techniques like sim swapping.

If you are expecting a message from a trusted party, you should always contact them directly through official channels.

Avoid clicking on any suspicious links, especially if they have been sent from an unfamiliar or unexpected source, and do not open any attachments as they may be used to scam you further.

Make sure to keep your phone’s operating system fully updated to secure your devices against smishing attacks.

Keeping Yourself Safe

It can be very difficult to differentiate between fraudulent and genuine emails, calls or text messages.

Always carefully check the sender’s address or phone number and be suspicious of any unexpected contact from an unrecognised source that stresses an urgent need to obtain personal, technical or financial information from you.

Check every incoming contact for spelling and grammatical errors and check any links or attachments before clicking or responding.

For More Help…

Check out our education centre to learn more about protecting yourself and your cryptocurrencies, non-fungible tokens (NFTs) or other digital assets.

bottom of page