Vishing and SMiShing

A Closer Look


Voice phishing by phone—or vishing—is the deceptive practice cybercriminals use to trick individuals into giving up valuable information. While anyone can be a target, fraudsters often single out employees at businesses because successfully scamming a company provides the best opportunities for large financial gains.

Customer service and IT help desk personnel are at particular risk of being targeted, because they have access to information thieves want. This includes employee email addresses, IDs, phone numbers, financial accounts and routing numbers, names and addresses of vendors—and anything else that can further their scams.

Voice phishers are skilled at the art of deception and can be very persuasive. They also do their homework, using company websites, LinkedIn and social networking accounts to prepare their scams. In one convincing phone call, a skilled cyber thief can learn enough to launch a spear phishing attack or further a business email compromise scam.

Pretending to be a remote employee, a voice phisher might request a password reset that gives them access to email and the company network. But you can prevent these and other vishing attacks by following these tips:

  1. Verify the caller’s name, company, title and phone number. If the information isn’t forthcoming, politely end the call.
  2. Listen for fraud techniques like mumbling responses to security questions. Scammers who don’t know the answers will do this, hoping you’ll accept a garbled response and move on.
  3. Know that some voice phishers will pretend to represent a deaf or special needs person, using this as an excuse for being confused about answers to security questions.
  4. Understand that poor audio quality and unfamiliar dialects may also be signs of vishing.
  5. Most importantly, never give out sensitive information without verifying the caller’s identity.

Phishing by text—or SMiShing—is another type of phone-based scam used to target businesses and individuals. In a typical attack, the target receives a text from what appears to be a legitimate source, like a financial institution. The message will have an urgent tone and include a link that, when clicked, will lead to a malicious site requesting account information. Once it’s entered, the attacker has it.

In other attacks, clicking a link may install malware that gives the cybercriminal access to the phone and the information on it. You can avoid being SMiShed by following these tips:

  1. Be wary of any text that asks you to respond immediately or threatens dire consequences if you don’t act right away.
  2. Distinguish between legitimate texts that ask you to enter verification codes before they expire and malicious texts that demand immediate action.
  3. If you use your phone for business, be extra cautious about SMiShing attempts that ask for email resets or other sensitive account information.

Vishing and SMiShing attacks can do great harm to a company, its customers and its reputation. Being prepared and aware can help you prevent them.
