Phishing attacks are one of the most effective ways to breach your company, and they keep evolving and growing more sophisticated.
Vishing and smishing are two relatively new types of phishing attacks that try to lure unsuspecting victims via SMS messages (smishing) and voice calls (vishing).
Vishing is a cyber crime that uses the phone to steal confidential personal information from people. Also known as voice phishing, it relies on social engineering tactics to trick victims into giving up private information, company passwords and info, and even bank account information.
Vishing relies on convincing the victim that they are doing the right thing by responding to the caller. Often the caller will pretend to be calling from a vendor, government, police, colleague, or even the victim’s bank.
Another tactic is to use threats to make victims feel like they have no other option than to provide the information being asked. Some criminals use forceful conversations and frame their discussion as if they are trying to help the victim avoid a big mistake or even criminal prosecution.
Cybercriminals sometimes leave threatening voicemails that tell the recipient to call back immediately, or risk being arrested, having bank accounts shut down, or worse.
Common vishing techniques
- Wardialing: The cybercriminal uses software to mass dial specific area codes, using a message that involves a local business, bank, police department, or locally known organization.
- Caller ID Spoofing: The cybercriminal hides behind a fake phone number, spoofing the caller ID so the call appears to come from a legitimate and common business.
- Dumpster Diving: Cybercriminals will also dig through dumpsters behind banks, office buildings, and random organizations, looking for information that can lend credibility to their vishing phone calls.
How to prevent vishing
As part of your ongoing cyber security efforts, remind your team about the threat of vishing attacks. Here are a few ideas to help prevent vishing:
- Be careful when answering phone calls from unknown numbers
- Ask questions and be willing to end the conversation if needed
- Never provide personal information over the phone
- Listen carefully to the caller, and pay attention to the language used
- Be leery of threats and urgent requests
- Be wary of any language that takes a tone of fear or threat, or that leans heavily on appeals for trust or on the need to help others
- Never agree to transfer funds to anyone unknown
- Do not respond to emails or text messages asking for your phone number
Smishing is phishing primarily through text messages on mobile devices.
Like phishing emails, smishing texts are socially engineered scams to manipulate people into turning over sensitive info, credit card numbers, Social Security numbers, passwords, or information required to access a company’s network.
Common smishing scam texts include:
- An urgent message about your credit card
- You won a prize
- Unusual account activity
- Your package is pending
- Your bank is closing your account
- Phone number proximity scam
- Fake messages from trusted brands
What Can You Do To Avoid Being Smished?
Even though it is impossible to fully stop all smishing attacks, here are several ways to protect yourself and your organization.
- Do not respond to text messages from people you don’t know
- Do not click on links within a text message
- Do not offer any information on websites visited through text messages
- Do not reply to or take action requested by companies via text message (call them instead)
Both vishing and smishing are considered social engineering and, like phishing, exploit many of our weaknesses as humans. These are some of the most sophisticated and successful methods used to trick you into giving up important personal or business information.
If you are ever in doubt, don’t click, don’t answer the phone, and don’t answer any personal questions … especially if you are not 100% sure of the source.
If you think you may have inadvertently clicked on a malicious link, immediately reach out to your IT department.