Have you heard about vishing or smishing? Well, the FBI’s Internet Crime Complaint Center has. The agency says vishing and smashing, along with the better-known phishing, claims the most victims of any type of Internet crime.
But what are vishing and smishing?
Vishing is a fraud technique very similar to phishing, except that it’s done over the phone.
In this kind of attack, a series of automated voice messages coax the unsuspecting victims to reveal confidential information. The criminals behind vishing are crafty, and they are leveraging VoIP (voice over Internet protocol) to carry their scams out.
The scheme is web-based, so the scammers have plenty of software available that simulates customer service lines.
Most of these scams come in one of two flavors:
- 1. An email reaches the prospective victim. It asks them to surrender some personal information over the phone. A phone number is provided to the target, so they call a VoIP that is posing as an official institution. When the call happens, a series of voice instructions squeeze account numbers, passwords, and other vital data from the victim.
- A phone call reaches the victim. It can be a real person or an automated call. The victim receives instructions to follow directions that, supposedly, will help them secure their accounts. In this case, the visher has already collected some information about the victim, so he probably knows something about accounts and credit card numbers. That information makes the scammer’s position more credible as it seems trustworthy and professional. The call comes out of a VoIP server and not a company, of course.
COVID-19 vishing scams
The COVID-19 pandemic has changed everything. Life is different in every country globally, and highly sophisticated scams are also riding the COVID wave.
As if the CDC (Centers for Disease Control and Prevention) didn’t have enough to do these days, they have had to come out and advise the public that some people are getting calls with caller IDs that seem to originate in the organization. Voice mail messages are included in the spoofed-number scam. They pretend to be from the CDC to take advantage of the general sense of vulnerability that the pandemic has spread among the public. And because the call seems to come from the CDC, people who wouldn’t otherwise answer the phone, do pick up in this case.
Did you get a call from the Social Security Administration, Medicare, the IRS, or another governmental agency? Ask yourself this: When did you set up an appointment with them? The answer is vital because official agencies will never initiate contact unless you have a pending appointment. In other words, you’re getting vished.
You can avoid the scam by following a simple common-sense rule: never give out any personal information over the phone. Ever. Even if Mother Teresa comes back from the dead and calls, you keep your personal information close to your chest. Even if they show you that they already know a few seemingly relevant details about yourself, you just hang up, notify the authorities, and do not answer another call from that number again.
Smishing is phishing, no more, no less, but with SMS and text messages. Fraudulent emails have been going around for decades, so most people are aware of them to a certain extent. Also, text messages are inherently more personal communication methods for most people, so it’s harder to be on your guard when you are being scammed through text messages instead of email. And that’s why smishing works; it allows smishers to leverage that “confidence” in text messaging against their victims so they can be persuaded to steal the victim’s identity.
In these schemes, the victim gets a link from a “company” and instructions to open it because otherwise, they will be charged a daily service fee. As they open the link, they are prompted to provide personal information.
Another scheme takes advantage of people’s greed. The victim gets an SMS from a supposed financial institution claiming that the recipient has received a reasonably juicy transfer. So, the victim is prompted to open the link and provide some additional information “needed” to complete the transfer.
If any SMS reaches you with an urgent security alert or coupons that need immediate redemption, be suspicious. Even more, any message asking you to update your account information or confirm a pin will rarely be authentic. We use the word “rarely” to be sure we are not exaggerating, but its chances of being legit are practically zero.
Also, don’t be greedy. There is no such thing as a free lunch, let alone an unexpected transfer of money that you never expected to come out of nowhere.
Tools against vishing and smashing
Everyone is susceptible to vishing and smishing attacks because everybody has bad days and can be caught off-guard at some point. That being said, it’s the youngest and the elderly who tend to fall more often for these scams. And the scammers succeed much more often than you would suspect. A study in 2018 found that half of the businesses in existence fell victim to one of the schemes. This high success rate on businesses has everything to do with the fact that every chain is as strong as its weakest link. Organizations include a lot of people, and people make mistakes.
So the first line of defense against these scams at the institutional level has to do with awareness and education. Companies need to clearly lay out the best practices for general safety, instruct employees on reporting suspicious messages, and have proper communication channels to exchange sensitive information.
Firewalls are helpful, too, because they can prevent malware from arriving in a network.
But this kind of scam doesn’t rely that much on technology. Yes, it’s performed on technological platforms, but it succeeds because of user unawareness. So being alert is the primary way to prevent a tragedy. Being humble helps too. Never think you must be immune to a scam because you’re so intelligent. You’re playing into the scammer’s hands.
Best advice: Stay vigilant
Vishing and smishing scams are essentially phishing scams that use phone calls or text messages, respectively, to persuade their pool of unsuspecting victims to give up crucial personal information that can lead to identity theft.
Staying safe from these kinds of scams is not that hard. You just need to be aware. And even people who are not aware of these things can stay safe by simply applying common sense to their personal information. Your accounts, passwords, social security number, credit card details, and other sensitive personal data need careful management. You never surrender these details to unsolicited phone calls, emails, and most crucially, to sites that arrive on your mobile device through an SMS or text message.
Be aware. Stay safe.
Article courtesy of The IT Guys