27/11/2019

Smishing and Vishing – the New Phishing

Despite more people becoming conscious of their online security, phishing attacks continue to be one of the most effective ways for cyber criminals to steal private data. 

As a result, there are now several different types of phishing threats that everyone should be aware of, including smishing and vishing.

What is Smishing?

Smishing – short for SMS phishing – is a security attack carried out over an SMS text message that enables criminals to steal a victim’s money or identity, or sometimes even both. The message is designed to trick or manipulate the recipient into carrying out a specific action that will lead to them being defrauded.

The fraudulent texts often claim to come from a trusted source, such as:

  • A renowned technology provider like Apple or Google, asking you to ‘validate an account’ or ‘confirm a purchase’
  • HMRC, informing you that you are ‘due a tax refund’
  • Your bank, notifying you that there is a ‘problem with your account’
  • A parcel delivery company, asking you to ‘confirm that you want a parcel to be delivered’.

These are just a handful of examples. Typically, the texts will imply the need for the recipient to act urgently, be it to avoid an issue or to take advantage of an ‘offer’, usually by following a link – that leads to a website which either requests confidential information or causes a virus or malware to be downloaded to the recipient’s phone – or by making a phone call to a specific number, which may be a premium rate number that charges exorbitant rates to the recipient’s bill, or again requests confidential information.

Be Aware of Vishing

Similar to phishing and smishing, vishing – short for voice or VoIP phishing – is another e–fraud tactic used to trick individuals into giving confidential personal or financial information to unauthorised individuals or organisations that will be used for identity theft. Vishing does not always occur over the internet – it can be conducted by voice email, VoIP or phone using voice technology. Like smishing, vishing aims to trick recipients into providing private information through scams such as:

  • Banks claiming your account has been compromised;
  • Charitable requests for urgent causes;
  • Exaggerated investment opportunities;
  • You’ve won a prize.

How to Avoid Becoming a Smishing or Vishing Victim

  • Do not respond to texts or calls unless you are 100% sure they are genuine – if in doubt, call the organisation in question from a separate phone or landline and ask them to confirm the legitimacy of the text.
  • Report spam text messages to your mobile provider (free of charge) by forwarding them to Ofcom at 7726 (or for Vodafone users, 87726) from the device they are received on, so that your mobile network provider can take early action to block and report the spam numbers.
  • Texts may seem to come from someone you trust, however, numbers can be hacked or spoofed – ask yourself if who the individual or organisation the message is claiming to be from would contact you via text with this information.
  • Visit ‘Which‘ to use their online service that allows you to report scam texts and phone calls.
  • Remember – if it seems to be good to be true, then it probably is.
  • Connectwise
  • Logitech
  • Microsoft Partner Gold x 6
  • HP Enterprise
  • HP Preferred Partner, Gold
  • Aruba
  • Mimecast
  • Watchguard
  • Citrix
  • BT
  • Webroot
  • Arcserve
  • APC
  • Plantronics