As security education becomes more common in organizations and everyday life, phishing is a term that people have grown more familiar with over the years. What they may not know is that there are multiple forms of “information fishing” that they should be aware of. Phishing, vishing, and smishing are three of the most common types of information fishing, and almost everyone has experienced at least one of them. Maybe it was a call from ‘Windows Tech Support’ or an email asking you to send money to a distant relative, but whatever the case, these types of scams can pose a serious threat to our information. Here are the main differences between phishing, vishing, and smishing, and the things you should look out for when you receive an email, text, or voicemail, before you respond.
Phishing is the most common of the three and refers to information fishing scams sent through online means. Most of the time these scams arrive by email, but it isn’t uncommon for them to happen on online forums. The first phishing attack was in the 1990s, when a group pretended to be AOL employees to steal account information. After that, hackers started buying domain names that looked relatively close to popular websites, then sent out mass emails warning people to update their credit card information. These types of scams were, for the most part, very vague in their request and easy to spot. They typically opened with a generic greeting, such as ‘Dear valued customer.’ Then they would add some urgency, like suggesting your account was about to be deactivated. To save your account, all you had to do was submit your username or password. Until recently, these made up the majority of phishing emails received. Now, there is a newer variation called spear phishing. In these scams, the scammers research their target to make the scam as believable as possible, knowing who they’re targeting and what type of information they’re likely to gain in the attempt. Unlike regular phishing, spear phishing favors quality over quantity.
One of the best ways to keep yourself from getting scammed is by refusing to participate at all. Knowing the best ways to spot a phishing email is the first step in winning the war, but what it all boils down to is double checking everything. If an email appears to be from someone you know, give them a call or start a separate email with them as a safety precaution. Never click on links unless you are expecting them and never share personal information. Another good way to avoid phishing and spear phishing emails is to use a secure email gateway, which can block scam emails from reaching you in the first place.
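The tells described above (a generic greeting, manufactured urgency, a request for credentials, and a link to a domain that sits close to a popular one) can be checked mechanically. The following is an added example, not part of the original article; the domain list, the patterns, and the sample message are constructed assumptions, and the last two labels of a hostname stand in for the registrable domain.

```python
import re
from urllib.parse import urlparse

# Assumption: domains this mailbox legitimately hears from (constructed list).
KNOWN_DOMAINS = {"aol.com", "paypal.com", "microsoft.com"}
# Digit-for-letter swaps commonly used in look-alike names, folded before comparing.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
GENERIC_GREETING = re.compile(r"^\s*dear\s+(valued\s+)?(customer|user|member)", re.I | re.M)
URGENCY = re.compile(r"\b(deactivat|suspend|immediately|within\s+\d+\s+hours)", re.I)
CREDENTIALS = re.compile(r"\b(username|password|credit\s+card)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, keeping only the previous row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host):
    """Return the known domain that `host` imitates, or None if it does not."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in KNOWN_DOMAINS):
        return None  # the real domain or one of its subdomains
    # Simplification: treat the last two labels as the registrable domain.
    folded = ".".join(host.split(".")[-2:]).translate(HOMOGLYPHS)
    for d in sorted(KNOWN_DOMAINS):
        if edit_distance(folded, d) <= 1:
            return d
    return None

def phishing_signals(body):
    """List which of the article's classic phishing tells appear in a message body."""
    signals = []
    if GENERIC_GREETING.search(body):
        signals.append("generic greeting")
    if URGENCY.search(body):
        signals.append("urgency")
    if CREDENTIALS.search(body):
        signals.append("asks for credentials")
    for url in re.findall(r"https?://[^\s>\"']+", body):
        target = lookalike_of(urlparse(url).hostname or "")
        if target:
            signals.append(f"look-alike of {target}")
    return signals

# Constructed sample message, not a real email.
SAMPLE = ("Dear valued customer,\nYour account will be deactivated within 24 hours.\n"
          "Confirm your username and password at http://login.paypa1.com/update\n")
```

A spear phishing message written for one recipient would avoid the first three tells, which is why the advice to verify through a separate channel still applies.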
Vishing is voice phishing, or information fishing that happens over the phone. Scammers pretend to be part of a larger, well-known company to ask for your private information. One popular vishing scam is the Windows Tech Support scam. In this type of vishing attack, the scammer pretends to be part of Windows Tech Support and asks for access to one of your computers. The scammer then proceeds to take your personal information off your computer, including passwords, usernames, and credit card info. Vishing scams can also take a scary turn. Sometimes, scammers will pretend to be part of a government agency or police department. They will talk loudly and threaten you, stating that there are warrants out for your arrest and that you will be arrested unless you pay a fee. Rest assured, no warrant has been created in your name, and government agencies will rarely contact you by phone, opting instead for official correspondence via postal mail. These types of scams tend to target people who are not tech-savvy, such as older generations.
A good way to avoid vishing scams is to avoid answering calls from unknown numbers. You should also avoid returning calls from unknown numbers unless they are from someone you know and trust. Recently, ‘one ring’ phone scams have become a rising danger. They ring your phone once, then charge you fees upon fees when you call them back. You can also download a caller ID and spam protection app, such as Mr. Number, to protect your phone from these types of attacks.
Smishing is text-based information fishing. These scams can be as simple as a text with a link stating that you won a sweepstakes, or as complex as a bot with preprogrammed responses. Smishing scams try to convince or threaten people into clicking a link to a secondary website. They use prizes, offer coupons, or threaten you with legal dangers or fees, all in an attempt to convince you to give up sensitive information. We all know the dangers of clicking links in emails, but text messages are usually safe spaces for us. That’s why so many scammers try to use texts to steal from us.
The best way to avoid getting scammed in a smishing attack is to not click on links. Even if the texts promise prizes or threaten fees, the safest thing to do is to ignore them. Also, pay attention to the phone numbers that text you. If the sender doesn’t look like a normal phone number, such as a 5000 number, that’s usually an email sent as a text message. Do not pay attention to these texts unless they are from a service you are subscribed to. Even then, double-check the number before tapping anything.
The online world is a great place, but we also face a lot of dangers there. Phishing, vishing, and smishing are just three of the most common information fishing attacks out there, and thousands of people fall victim to them every day. Being aware of these types of attacks is important so you know how to prevent them. Businesses face these attacks en masse, as 85% of all businesses have been the target of information fishing. Using a managed service, such as Secure Data, can keep you safe before, during, and after an attack. Managed services are helpful in every aspect of a cyberattack, as they monitor your networks before the attack, shut them down during, and help you with a plan to recover afterwards. Remember to stay safe this Cybersecurity Awareness Month and to do your part to stay cyber smart.