Skip to main content

Secondary navigation:

Information Technology Services

Phishing, Vishing, and Smishing - Cybersecurity Threats on the Rise

11/30/17

by EagleTech Mason Peterman

Phishing, vishing, and smishing have been around for years and are most certainly not new threats to your personal information. But, the way attackers use these tools has changed and attacks are on the rise. The low cost and minimal technical knowledge associated with these threats makes them a favorite for cyber criminals. Learning about what these types of attacks entail and how to identify them will keep you and your personal information safe while online.

Phishing

Phishing scams work by tricking you into clicking on a link or attachment that either infects your machine with malware or will bring you to a webpage that looks legitimate, but is really designed to steal your personal information. Classic phishing scams usually involved fraudulent emails identifying themselves as a trusted source. Scams are evolving and attackers are using live chat support rooms on websites to gain access to user information. Finally, targeted attacks at high profile corporations and employees use well researched info and are specifically designed to appear like they are coming from a trusted organization or an employer.

Vishing

Vishing is a similar fraud, but is conducted over the phone. It is known as voice phishing or “vishing”. This scam exploits an individual's trust in telephone services and is designed to gain access to personal and financial information. This type of attack is often effective because many victims are unaware that fraudsters can use techniques like caller-ID spoofing and automated calling systems. Caller-ID spoofing allows scammers to appear like their call is coming from a legitimate institution and with automated calling systems, thousands of numbers can be dialed in just an hour. These scams typically involve a call from someone saying there was fraudulent activity on a credit card or bank account, they then provide a number to call back which brings the victim to an automated system asking for their personal information.

Smishing

Smishing is the same scam as phishing and vishing however, it is done over text message. In a similar style to the other two types of fraud, smishing involves a text message warning the victim of fraudulent activity and calling for “Immediate Action” before asking the victim to divulge their personal or financial information. As messaging services are being more widely offered by organizations, smishing is a growing issue because it is becoming more and more difficult to differentiate between legitimate and fraudulent messages.

Protecting Yourself

The most important way to avoid these different scams is to be aware of them and to educate yourself. Knowing what to look out for is the first step to protecting your personal information. Scrutinize emails and messages for key differences that will tip you off to the fraudulent nature of the email (example below).  Think twice before clicking on links in emails and online. Consider the source from where the message came and if anything is suspicious it is best to delete it or not click on it. Finally, consider setting up extra security precautions like two factor identification in case your information is compromised, this will ensure attackers are not able to access your sensitive information.

Sources:

https://www.emc.com/collateral/white-papers/h11933-wp-phishing-vishing-smishing.pdf

https://www.wired.com/2017/03/phishing-scams-fool-even-tech-nerds-heres-avoid/