Vishing and Smishing: What You Need to Know
It would be great if technology could solve all of our cybersecurity problems. However, at the end of the day it all comes down to people. 82% of breaches involved the Human Element, including Social Engineering Attacks, Errors, and Misuse.
Let’s review some types of social engineering attacks and what you can do to protect yourself and your organization.
Voice Phishing (Vishing) and SMS Phishing (Smishing)
· Vishing - Scammers use phone calls or voice messages to impersonate legitimate businesses and trick you into revealing personal information. These fraudulent calls could be made by actual people or robocalls. They may also spoof phone numbers that belong to real companies or individuals to deceive you.
· Smishing - Scammers send phishing messages via text messages or messaging apps to your smart phone. You are prompted to open a link to access a website or app. The link may take you to a login page to enter your username and password, a form to provide your personal information, or a malicious app that infects your device.
Demands for payment.
The scammer pretends to work for a government agency such as the IRS and tells you that you owe money. They may threaten that you will be fined or even arrested if you do not pay.
Account verification.
The scammer poses as an employee of your bank or credit card company and states that they noticed unusual activity on your account. You are asked to provide personal information to verify your account.
Order/shipping confirmation.
The scammer sends you a link to track a package or confirm your order, even though you did not order anything recently. The link may ask for your username and password or install malicious software on your device.
Winning a prize.
The scammer informs you that you won a contest. From there, they may ask for personal information or walk you through accessing your bank account so you can receive a deposit.
Tech support.
The scammer offers to fix a computer problem that you didn’t even know you had. They may ask you to visit their support website, install software to give them remote control, or provide them with your accounts and passwords.
How to Protect Yourself from Vishing and Smishing Scams
Pause, think, and act. Scammers will stress a sense of urgency to trick you into doing what they want. Don’t take the bait. Take time to think about what you are being asked to do and why before you take any actions. Think twice before clicking on links in text messages.
Do not answer the phone or respond to texts from unknown numbers. If the scammers can’t reach you, they can’t trick you. If you do answer the call, hang up immediately.
Keep your personal information private. Never give out personal information such as account numbers, Social Security numbers, passwords, or Multi-Factor Authentication (MFA) codes to unknown people.
Verify the source. If you receive a message from someone who says they represent a company or a government agency, hang up and contact them by using the contact information posted on the organization’s website.
Enable strong security on your accounts. Creating strong and unique passwords is still a security best practice for protecting your personal and financial information. If you have difficulty creating unique passwords for each of your accounts, consider using password generators and managers to develop more complex passwords and store them securely as well. Enable MFA when available as an added layer of protection for your online accounts.