Phishing attacks are one of the most effective ways to breach your company.  And they are evolving, changing, and growing increasingly sophisticated and complex.

Smishing and vishing attacks are two relatively new types of phishing attacks, Although they are becoming more and more popular as they try to lure unsuspecting victims via SMS messages (Smishing) and voice calls (Vishing).

 

Vishing

Vishing is a cybercrime that utilizes the phone to steal personal confidential information from people.  Known as voice phishing, cyber attackers use social engineering tactics to trick victims into giving up private information, company passwords and info, and even bank account information.

It relies on convincing the victim that they are doing the right thing by responding to the caller. Often the caller will pretend to be calling from a vendor, government, police, colleague, or even the victim’s bank.

Another tactic is to use threats to make victims feel like they have no other option than to provide the information being asked.  Some criminals use forceful conversations and frame their discussion as if they are trying to help the victim avoid a big mistake or even criminal prosecution.

Cybercriminals sometimes leave threatening voicemails that tell the recipient to call back immediately or risk being arrested, having bank accounts shut down, or worse.

 

Common vishing techniques

• Wardialing: The cybercriminal uses software to mass dial specific area codes, using a message that involves a local business, bank, police department, or locally known organization.
• Caller ID Spoofing: The cybercriminal hides behind a fake phone number spoofing the caller ID so the caller looks like a legitimate and common business.
• Dumpster Diving: Cyber criminals will also dig through dumpsters behind banks, office buildings, and random organizations. These criminals are looking for information that can lend credibility to the vishing phone calls.

 

How to prevent vishing

As part of your ongoing cybersecurity efforts, remind your team about the threat of vishing attacks.  Here are a few ideas to help prevent vishing:

1. Always be careful when answering phone calls from unknown numbers
2. Ask questions and be willing to end the conversation if needed
3. Never provide personal information over the phone
4. Listen carefully to the caller, and pay attention to the language used
5. Be Leary of threats and urgent requests
6. Watch out for any language that takes the tone of fear or threats or overly asks for trust or the need to help others
7. Never agree to transfer funds to anyone unknown
8. Do not respond to emails or text messages asking for your phone number

 

Smishing 

Smishing is phishing primarily through text messages on mobile devices.

Like phishing emails, smishing texts are socially engineered scams to manipulate people into turning over sensitive info.  This includes credit card numbers, Social Security numbers, passwords, or information required to access a company’s network.

 

Scam Smishing Text includes:

• This an urgent message about your credit card
• You won a prize
• Unusual account activity
• Your package is pending
• The bank is closing your account
• Phone number proximity scam
• Fake messages from trusted brands

 

What Can You Do to Avoid Being Smished?

Even though it is impossible to fully stop all smishing attacks. Here are several ways to protect yourself and your organization.

• Do not respond to text messages from people you don’t know
• Never click on links within a text message
• Don’t offer any information on websites visited through text messages
• Never reply to or take action requested by companies via text message (call them instead)

Conclusion

Vishing and smishing are considered social engineering and, like phishing, are based on many of our weaknesses as humans.  These methods are some of the most sophisticated and successful methods to convince/trick you into giving up important personal or business information.

Don’t click, answer the phone, or ask any personal questions when you are in doubt.  Especially if you are not 100% sure of the source.

If you think you may have inadvertently clicked on a corrupt link, immediately reach out to your IT department.

Start A Conversation

Or go to our website to learn more about proper cyber security protocols: Imagine IT/Cyber Security.