Phishing is one of the most common forms of cyberattack used to steal personal information. It relies on psychological manipulation to make victims panic, act hastily, or believe that the message they received is from a trusted source.
One of the most widespread forms of phishing arrives through WhatsApp or SMS, where victims are tricked into clicking a suspicious link that's actually a trap. The three channels most frequently used by phishers are email, phone calls, and WhatsApp messages. Let's break them down one by one.
You receive an email with a professional layout, including a bank logo and an email address similar to the bank’s official domain (e.g., info@bank-service.com). The email states that your account has been temporarily frozen and asks you to click a link to reactivate it.
Once you click the link, you’re directed to a fake login page that mimics your bank’s website. After entering your PIN, password, and card number, your data is immediately harvested by the scammer.
This phishing tactic usually targets job seekers who may have submitted their personal information on job boards or during career fairs.
You receive an email that appears to come from a well-known company, containing a job interview schedule and an attachment (PDF or Word doc). However, the file contains malware that infects your device and steals sensitive data like documents and saved passwords.
Warning signs in phishing emails include:
A spoofed sender email address
Urgent text like “Your Account Will Be Blocked!”
Links that reveal suspicious URLs when you hover over them
Hidden malicious files (e.g., .pdf.exe, .docm)
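The four email warning signs listed above can also be checked mechanically. The following Python code is an added example, not part of the original article; it runs over a constructed sample message, and the trusted domain `bank.example`, the brand label, the phrase list and the sign names are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"bank.example"}  # assumption: the bank's real domain
BRAND = "bank"              # assumption: brand label a lookalike domain reuses
URGENT = re.compile(r"will be blocked|temporarily frozen", re.I)
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|jpg|png|txt)\.\w{2,4}$")
MACRO_EXT = (".docm", ".xlsm", ".pptm")
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>([^<]+)</a>', re.I)

# Constructed sample; sender, subject and file type follow the article's examples.
SAMPLE = """From: Bank <info@bank-service.com>
Subject: Your Account Will Be Blocked!
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<a href="http://bank-service.com/reactivate">https://bank.example/login</a>
--b1
Content-Disposition: attachment; filename="interview.pdf.exe"

(constructed placeholder body)
--b1--
"""

def warning_signs(raw):
    """Return the set of email warning signs found in a raw message."""
    msg, signs = message_from_string(raw), set()
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in TRUSTED and BRAND in domain:
        signs.add("lookalike-sender")
    if URGENT.search(msg.get("Subject", "")):
        signs.add("urgent-text")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if DOUBLE_EXT.search(name):
            signs.add("double-extension")
        if name.endswith(MACRO_EXT):
            signs.add("macro-document")
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode(errors="replace")
            for href, text in LINK.findall(html):
                # The host shown to the reader differs from the real target.
                shown = urlparse(text.strip()).hostname
                if shown and shown != urlparse(href).hostname:
                    signs.add("link-mismatch")
    return signs
```

A mail gateway or reporting tool would treat these as signals to score or quarantine on, not as proof; a clean result does not mean a message is safe.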
You receive a call from someone claiming to be from your bank, warning of suspicious activity on your account. They ask you to provide an OTP that was just sent to your phone “to block the transaction.” But once you give them the OTP, they log in and hijack your bank account.
You receive a threatening call from someone posing as a tax officer. They say you have outstanding taxes and face fines or legal consequences. To avoid this, you’re asked to transfer money to a “government account” or update your tax info via a suspicious link.
Typical signs of phone phishing:
Caller claims to be from a government or financial institution
The call comes from a regular mobile number, not an official line
The caller uses urgent or threatening language
They ask for personal data or demand money transfers
This tactic relies on creating panic. Stay calm and observe the signs.
You get a message from an unknown number claiming to be an old friend or colleague who “lost their phone.” After some small talk, they ask for emergency financial help, promising to repay you later.
This plays on emotional manipulation and urgency to trick you before you realize the scam.
You receive a forwarded message claiming you won a prize from a big brand. You’re asked to click a link and fill in personal data. Don’t believe it—your data is being harvested.
Scammers create fake business profiles mimicking official e-commerce customer service. When you file a complaint, they ask for full personal details, including your OTP, under the guise of “verification.” In reality, they’re taking over your account.
Red flags in WhatsApp phishing include:
Unknown numbers pretending to be friends or institutions
Suspicious links
Fake business accounts without the official green verification checkmark
Requests for OTP or sensitive data via chat
No official institution will ever ask for your OTP by phone, email, or chat.
If in doubt, call the official number or visit the official website. Don’t reply to suspicious messages or click unverified links.
Phishers use panic or empathy to get quick reactions. Stay calm and think clearly.
Replace OTPs with technologies that can’t be spoofed—like biometrics and device-based authentication.
Phishing tactics continue to evolve and now even use deepfakes to visually or audibly deceive victims. Businesses must move toward more secure authentication methods, such as biometric and device-based solutions that eliminate the need for OTPs and passwords.
VIDA FaceToken uses face recognition and liveness detection to ensure only the real user can access the account. It can detect deepfake or video spoofing. No OTPs involved—making it more secure against phishing, social engineering, and SIM swaps.
VIDA PhoneToken links your account to your device via Public Key Infrastructure (PKI). The account can only be accessed from the registered device. Even if OTPs or PINs are stolen, attackers cannot log in from a different device.
PhoneToken and FaceToken work together to protect access with real-time biometric verification.
When a business secures user access with biometric and device authentication, it shows that it is aware of—and actively protecting against—the phishing threats mentioned above.