Phising, Vishing & Smishing: Don't be a Victim

The title of this article may sound like a bad Dr. Seuss book, but the topic is far from child’s play. Since the beginning of time there has never been a shortage of criminals looking to dupe some unsuspecting person out of their money or belongings. While this tragic story never changes the methods that criminals use has evolved at the same pace of technology. The internet is very much like the early wild west and policing it isn’t an easy business for any country.

Never in human history has the world been so connected as it is today. Information is shared at the speed of thought which can be both a good and bad thing. All this connectivity makes it much easier for criminals to locate, pilfer, steal or extract vast amounts of personal information like email addresses, phone numbers and more. Social media platforms like Facebook and Instagram make it easier for thieves to find person data if your account isn’t properly protected or restricted.

The best attitude to adopt is one of suspicion when dealing with an unexpected email, phone call or text telling you that “you must take immediate action” or face penalties or imprisonment. If it seems fishy - go with your gut and don’t give these low-lives the time of day. They are very skilled with manipulating people into a false sense of trust to gain personal and financial information. Don’t be a victim!

Some of the latest trends include phishing, vishing and smishing. Arming yourself with knowledge on these latest threats can help keep you from becoming the next victim.

Phishing

The fraudulent practice of sending emails purporting to be from reputable companies/organizations to trick individuals into revealing personal information, such as passwords, bank accounts and credit card numbers.

Yes, people still fall for these type emails. Why? Hackers do their homework and have become very sophisticated in their attack methods. They will research an organization, many times from that organization's own website, figure out the chain of command and then attempt to send a spoofed email from what appears to be the CEO or top management to someone in the accounting department requesting a money transfer or credit card information. Many times, the email is so convincing that even the accounting folks miss the fact that it isn't legitimate.

How do you protect yourself from these type threats? In a word: Validation. If you receive an email and it seems to be an out of the ordinary request from a CEO or someone in management, simply pick up the phone and verbally confirm whether the request is legitimate or not.

Enhanced spam filtering is also an excellent way to help filter out deceptive emails. While there is no spam filtering solution that can catch every possible phishing email on the internet taking additional steps to help filter the junk out does reduce the chances of you or someone else in your family or company from being the next victim in line.  Keep in mind that hackers are constantly changing their phishing methods to circumvent spam filtering protocols.  Solutions like logimail can greatly reduce the chances of a scammer's email making it into your inbox.

Vishing

This is a form of phone fraud where a criminal will call you directly or indirectly using a robo-dialer, disguising themselves as a representative of a legitimate company/organization like Apple, Microsoft, the IRS, etc. in the hopes of fearing you into disclosing your personal information. They create a false sense of urgency as if your life or freedom literally depend on it.  It doesn’t.

Let’s face facts: The IRS will never call you stating you owe them money. They will always send a letter via snail mail. Microsoft is never going to call you directly about an infection on your PC.  Apple is never going to call your cell number and tell you that someone is trying to hack your account. You get the point. If you receive an unsolicited call from someone and can’t validate who is on the other end - just hang up! No one is coming to arrest you.

Be smarter than the criminals. If someone calls you saying they are calling for a family member that is in the hospital and needs cash transferred right away for an operation, your scam meter should be going off like crazy. Hang up and call that family member to make sure they are OK.  Trust me…they are OK.

If you are ever prompted to “Press 1 for an agent” or “Press to be removed from our call lists” - don’t press anything and hang up. Pressing a button can act as verification to a robo-dialer that it has reached a legitimate number. It can also act as a trigger for something other than what is being verbally stated (i.e., pressing 2 verifies that you want a certain service activated on your phone account). Simply hang up.

Don’t forget you can easily block a number on your connected device.  Below are links for doing this on an Apple or Android device.

How to block calls on an Apple device

How to block calls on an Android device

Smishing

This is a type of phishing attack be instead of targeting victims via email the scammers instead target mobile phone users by sending text messages that contain a website hyperlink. If clicked, it can deliver a payload/Trojan horse that can infect a mobile phone much the same way that a virus can infect a computer.

Criminals will also send text messages stating they are with a credit card company and that you are being penalized for late fees. Other will say “Congrats! You’ve just won blah, blah blah - just reply to this text…”. In short, the texts are used as bate to trick someone into clicking, replying or divulging personal information either directly or indirectly via an infection.

The simple rule to follow is that if you don’t know the text sender - delete the text. If your credit card company needs to reach you they will contact you via snail mail or via a verifiable phone number. If an offer seems too good to be true it is almost always is too good to be true.  Don’t forget you can also block the sender’s phone number.

Be wise. Be vigilant. Be smart.

Logical specializes in protecting our clients through managed services, spam filtering, antivirus solutions, backups and more. Give us a call at 615-446-9140 for a free, no obligation consultation on how we can help protect you from the bad guys.