If you’re a daily reader of IT security and tech news, you have a good idea of phishing and spear phishing attacks. Nonetheless, even if you’re perfectly acquainted with these widely deployed social engineering schemes, you should be on the lookout. Frauds are evolving, much like malicious attacks. As a result, new crook techniques surface both the online and offline parts of your reality.
Meet vishing and smishing. Or better not. This article will help you understand how these tactics work, so that you don’t get tangled in their dirty tentacles.
The very first thing to mention is that all forms of social engineering have one thing in common. That thing is your personal information, and respectively, your money. It’s the techniques of getting hold of it that differentiate phishing, vishing, smishing, etc. You shouldn’t be that surprised of the high value of your own information. It costs more than you (we) can imagine. It’s the bargaining chip that sits in the center of the table. And all eyes are on it!
Read More about Spear Phishing and Malware
Many users believe that they’re too smart to fall victims to social engineering’s various schemes. But crooks don’t sleep and they constantly come up with new ways of getting what they want. New attack vectors such as vishing and smishing appear and prove that no one is too smart to avoid scams.
So, the question we should all be asking (and answering steadily) is…
What Should I Look for to Recognize Vishing and Smishing Scams?
To be more accurate, we should now say that vishing and smishing are not completely new to the world of scams. However, we have seen an uptake in these scams, which has led to millions of dollars being stolen from victims.
What Is Vishing?
Vishing, or voice phishing, is any attempt of fraudsters to persuade the victim to deliver personal information or transfer money over the phone. Hence, “voice phisihing”. You should be very careful with any unexpected calls from unknown numbers. Fraudsters have learnt how to be extremely persuasive, as they have adopted various techniques to make their scenarios believable.
Be wary of the following:
- The caller knows a lot about you. Before reaching out to you, the fraudster has already done his job and has access to your name, address, phone number (obviously), and in many cases, banking information. If a caller knows so much about you, he can’t be a scammer. Well, think twice. In a single case told by BBC’s Marie Keyworth, a victim of vishing was successfully persuaded to transfer £100,000 into the scammers’ bank account!
- The caller is pressuring you to do something quickly. In the case mentioned above, the victim was made to believe her money was in danger and that she needed to act immediately. Using fear to make a person do something is a well-played psychological trick. Always question what you are told. You better be the psychologist, not the patient, so to speak.
- The caller is calling from a believable phone number. Why is that? Two words – phone spoofing. The number will be made to look like it’s coming from a trustworthy entity, so that you answer the call. The second you answer, the fraudster has done half of its job. It’s up to you whether he will finish what he has started or not.
- The caller is holding the line. Why is he doing so? In case you call your bank, for example, you will be put straight back to the scammer.
- The caller is calling from a noisy place. This is also a trick. The scammer knows that everything should sound believable, and he can play a CD with sound effects to make it look like he’s calling from a call center. Well, in fact, he may be calling from a call center! Because of the success of social engineering scams, becoming a scammer can be a luring career. Don’t get the wrong idea, though!
Shortly said, don’t reveal any of your personal information over the phone! And keep in mind that vishing scenarios may also involve you as a PC user:
Dell Tech Support Scams Point at a Major Customer Data Breach
What Is Smishing?
As you may have guessed, smishing comes from “SMS phishing”. Smishing is any case where sent text messages attempt to make potential victims pay money or click on suspicious links. Smishing scenarios may vary. Scammers can send a text message to a person and ask them to call a particular phone number. If the person actually calls the number… smishing may just turn into vishing!
If you receive a dubious text message from an unknown source, be on alert! If you’re in doubt that the sender may be an institution like your bank, call and double-check. But don’t do anything unless you are ten thousand per cent sure it won’t back-stab you.