Phishing, Smishing and Vishing: let’s discover together the new frontier of phone scams!
In an increasingly technological world, the number of people who are aware of phishing and smishing techniques is growing. Little known, however, is vishing, another method used to scam people. If phishing consists in sending emails and smishing in sending text messages, with vishing phone calls are made from unknown numbers to get the user to leave personal information.
“Vishers”, criminals who use these types of attacks, use counterfeit phone numbers, voice-altering software, but also fake text messages and social engineering techniques to trick users into giving them sensitive information. Phishing and vishing have the same goal: to obtain information for illicit purposes, such as identity theft, financial scams or access to digital accounts.
For both forms, cybercriminals have hundreds or thousands of potential victims at their disposal, but they can also target a specific organization, in which case they will use a much narrower list, limited only to the most interesting corporate figures to target.
What Phishing, Vishing and Smishing techniques look like
The messages sent are created specifically to arouse the interest of those who receive them and push them to provide sensitive data or to click on links connected to sites infected with malware. Other times, instead, messages containing attached files are sent, which once opened allow those on the other side, to continue with their illicit intentions.
In addition, it can be noted that the sms often contains information regarding the revenue agency or other institutional bodies; in fact, criminals often play their strength on threats or intimidating sms to immediately make the reader fall into the trap. Sometimes they send messages asking for an answer and this to be immediately sure the number is active. Often those who want to put in place a scam, use robocalls: or automatic calls made through special software that contact the numbers of a list, playing an automatic message pre-recorded, as soon as the user answers.
There is a first part of the message, reproduced through software that allow to create a text with neutral language, without inflections and accents, this, to make it more credible to the ears of potential victims and to push them to stay on the line to speak then with an operator, that in reality will be nothing but the cybercriminal.
Although there are differences between vishing, phishing and smishing, it is good to remember that they all have the same purpose and that is: to steal credentials and personal and financial data. It often happens that people are familiar with the last two techniques, but are less informed about the first one, which is then preferred by cyber criminals, because they have a better chance of success.
In recent years, vishing scams have been on the rise, which is why it is becoming increasingly important to be able to recognize them and know how to defend yourself. The most important thing to watch out for is that not all messages are sent from malicious numbers. Often, in fact, 5-digit numbers are used, similar to those of operators who send codes for double authentication systems or to carry out particular operations.
Visching, phishing and smishing can also be used in combination to carry out targeted attacks against important or prominent company figures.
What to do to avoid falling victim to phone scams
In order to avoid being victim of a vishing attack, the best way is to ignore any type of message that can arouse suspicion. The same telephone operators have now implemented anti-fraud systems, to recognize and report to the user potentially dangerous sms or calls from unknown numbers and recognized as fraudulent.
However it is always good to remember, to never rely solely on the only ability of operators, to block attacks. It is important, in fact, that users take the necessary precautions to avoid becoming victims of these frauds.
The steps to follow to avoid falling for a vishing, phishing or smishing attack are:
- Be aware that attacks exist and are spreading more and more; it is therefore important for organizations to adequately train staff, while for ordinary people it is a basic rule of thumb never to provide personal information to anyone you contact via text message or phone.
- Always pay the utmost attention to text messages that try to scare or put pressure on you; the scammers will always tend to invite the victim to send money immediately, via bank transfer or prepaid card recharge.
- Ignore calls from unknown numbers.
- Be skeptical of anyone who asks for personal information over the phone; it is always good to keep in mind that no institution such as a bank or IRS will ever ask for personal information over the phone.
- Pay attention to any errors in the text of the sms; phishers often modify messages sent by companies to insert new texts and fraudulent links, and since they operate outside of Italy, there may be grammatical, translation or formatting errors in these messages.
Basic rules to follow in case of phone scams
If you fall victim of any of the three scam techniques, keep calm, in this article we will help you find a solution:
- First, if you feel you have fallen victim to a phone scam, write down as much information as you can on a piece of paper such as: username, password, and accounts you shared.
- Immediately change the password on the affected accounts and on any other accounts where you used that same password. Also, remember to never create the same password for more than one account.
- Enable multi-factor authentication for every possible account.
- If you have shared information about your credit cards or bank accounts, contact the institution to inform them of the possible fraud and immediately block the cards.
- If you’ve lost money by transferring it or have been the subject of identity theft, report it to law enforcement.
- Update your email blocking filters to prevent sending more messages like the one in question.
If you are an online account holder and would like to learn more about the safety of your savings, please feel free to contact.