Phishing attacks are the most widespread cyber attack worldwide, and cybercriminals are constantly developing their phishing techniques to lure personal information out of their victims.
Smishing and vishing are further developments of phishing. Read on to learn all about these two types of phishing.
What is phishing?
Phishing is a type of cyber attack that attempts to trick victims into clicking on links in fake emails or downloading attachments with malware. The link typically takes the victim to a seemingly legitimate website for an organisation, asking them to enter their usernames, passwords, account numbers or other private information. This information is then sent directly to the cybercriminals. The cybercriminals pose as well-known companies or authorities to appear trustworthy, to create confidence and to hide their identity.
For example, an email may state that your bank account has been locked and ask you to click on a link to regain access. However, the link takes you to a fake website that simply collects your information, such as your online banking username and password. The scammers can then log into your account and steal your money
Phishing is most common through email, but it can also take place over social media, where the victim receives a chat message.
What is vishing?
Vishing ("voice phishing") is a form of phishing carried out over phone calls. Scammers call potential victims, often using pre-recorded calls, and pretend to be from real companies in order to request personal information.
For example, you might get a call about your car's extended warranty. If you answer this call and are connected to an alleged employee, you may be asked to share personal information such as:
First and last name
Driving licence information
Social Security Number
Payment card details
Some cyber criminals may also record your voice and ask a question to which you will probably answer "yes". They can then use this recording to pretend to be you on the phone to authorise charges or access your financial accounts.
A vishing scam can also start with an automated message telling the recipient that they are a victim of identity fraud. The message asks the recipient to call a specific number. When they do, they are asked to provide personal information. Hackers can then use the information themselves to access other accounts or sell the information on the dark web.
Categories of vishing
Vishing attacks can be categorised according to the person the cybercriminal is impersonating:
Companies or charities - Such scams may inform you that you have won a prize, present you with an investment opportunity or attempt to raise a donation for charity. To receive the prize or similar, you will need to provide some information. If it sounds too good to be true, it probably is.
Banks - Bank phone scams will usually inform you of suspicious activity on your account. Always remember that banks will never ask you to confirm your full card number over the phone.
Public institutions - These calls may claim that you are owed money in taxes or that you are required to pay a fine. They may even threaten legal action if you don't respond.
Technical support - A scammer posing as an IT technician may claim that your computer is infected with a virus. You may be asked to download software (which will usually be some form of malware or spyware) or be asked to let the scammer take control of your computer.
What is smishing?
Smishing (SMS phishing) is a type of scam that is similar to phishing, except that it comes in the form of an SMS. Smishing messages will often contain suspicious links (generally a shortened URL) that lead victims to a form used to steal their information. The link may also download malware such as viruses, ransomware, spyware or adware to the victim's device.
These smishing SMS messages may appear to be urgent requests sent from a bank or parcel delivery service. They may claim that there has been a large withdrawal from your bank account, that you need to track down a missing package, or that you have won a competition and need to claim your prize. It can be easy to fall for smishing because you feel you have to react quickly and therefore don't have much time to think.
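The traits described above (a link, often shortened, combined with an urgent bank, parcel or prize pretext) can be checked mechanically when triaging reported messages. The following Python is an added example, not part of the original article; the shortener list, keyword patterns, function names and sample messages are constructed assumptions.

```python
import re

# Assumed, non-exhaustive set of public link-shortener hosts.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
# Pretexts named in the text; the keyword patterns are constructed.
LURES = {
    "bank": re.compile(r"\b(bank|account|withdrawal)\b", re.I),
    "parcel": re.compile(r"\b(parcel|package|delivery)\b", re.I),
    "prize": re.compile(r"\b(won|winner|prize|competition)\b", re.I),
}
URGENCY = re.compile(r"\b(urgent|immediately|now|today|expires?)\b", re.I)
# Matches links with or without a scheme, since SMS often omits "https://".
URL = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)

def link_hosts(text):
    """Return the lower-cased host of every link, without a leading 'www.'."""
    return [re.sub(r"^www\.", "", m.group(1).lower()) for m in URL.finditer(text)]

def indicators(text):
    """List which smishing traits from the article the message shows."""
    found = []
    hosts = link_hosts(text)
    if hosts:
        found.append("link")
    if any(h in SHORTENERS for h in hosts):
        found.append("shortened URL")
    found += [f"{name} lure" for name, pat in LURES.items() if pat.search(text)]
    if URGENCY.search(text):
        found.append("urgency")
    return found

def verdict(text):
    """'suspicious' = short link + pretext, 'review' = link + pretext."""
    found = indicators(text)
    pretext = any(i == "urgency" or i.endswith("lure") for i in found)
    if "shortened URL" in found and pretext:
        return "suspicious"
    return "review" if "link" in found and pretext else "ok"

# Constructed sample messages, not real traffic.
SAMPLES = [
    "Your bank account shows a large withdrawal. Verify immediately: bit.ly/x7Kq2",
    "We could not deliver your package. Track it at https://parcel-tracking.example/t/123",
    "Running late, see you at 7. Can you bring the charger?",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(verdict(sms), indicators(sms), sep=" | ")
```

Keyword heuristics like these produce false positives, since legitimate senders also use short links, so a flagged message is a prompt to verify through the organisation's official website rather than proof of fraud.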
Smishing attacks on the rise
Like phishing via email, the number of smishing attacks continues to rise year on year. Data from the Federal Trade Commission (FTC) suggests that US consumers lost over $86 million through fraudulent text messages in 2020.
Smishing attacks are most often targeted at consumers. But increasingly, fraudsters are also using smishing techniques to target businesses.
Take care of your sensitive information
To avoid becoming a victim of phishing, smishing or vishing, here are some concrete tips you can follow. These can protect you directly from scams and reduce the likelihood of you being targeted in the first place.
Pay close attention to your emails and other messages. Never click on links in messages from someone you don't know. Go directly to the correct website of the organisation the communication is purporting to come from and check that the message in the email or SMS is genuine.
Never give personal data to someone who contacts you out of the blue. If they claim to represent a bank, government organisation or company that you already do business with, hang up and tell them you will call them back immediately. Then go to the organisation's official website and call them on their official phone number to find out what's really going on.
Don't answer calls or text messages from numbers you don't recognise. Even if you answer only to ask to be removed from their contact list, the scammers will notice that you interacted with the call. This is likely to increase the number of calls you get from scammers in general.
Use My Digital Self-Defence
My Digital Self-Defence is a free app that helps you increase your safety online. The app keeps you up to date on the latest digital threats and includes information on phishing attacks (phishing, vishing and smishing), fake competitions, virus threats and other forms of malicious software.
The app is easy to use and gives you advice on how to solve problems if you run into trouble. If you suspect that your details or accounts have been compromised, for example if you notice mysterious activity in your online banking or if the goods you bought online never turn up, you can get advice and guidance through the app.
My Digital Self-Defence is free and available for both iOS and Android devices.
About the author
Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master's degree in Danish and a great interest in cybercrime, which resulted in a master's thesis project on phishing.