Smishing and Vishing — What are these Cyber Attacks
On March 15, 2021, we sent out an alert regarding the rise in business email compromise. Today we want to inform our clients about additional increasingly popular phishing attacks we are seeing across our industry, have you heard of smishing and vishing yet?
Smishing and vishing are types of phishing attacks that lure victims via SMS messages and voice calls. Both types of attacks rely on the same emotional appeals used in traditional phishing scams. They are designed to drive the victim to urgent action or distract the victim during busy hours of the day.
Smishing (SMS phishing) is conducted using SMS (Short Message Services) on cell phones. The messages usually include an enticement or threat to click a link or call a number which then prompts you to provide sensitive information. Sometimes the messages suggest installing security software, which is malware. The links can place malware on your device the moment you click them even if you do not input additional information.
An example of a smishing would be a text message that says, “Your ABC Bank account has been suspended. To unlock your account, click the link: https://bit.ly/2UDldaP” and the link will download malware (malicious software or other harmful computer programs hackers use to gain access to sensitive information) onto your device.
Vishing (voice phishing) is a type of phishing attack that is conducted by phone and often targets users of Voice over IP services like Skype or Zoom.
Scammers use fake caller IDs, to appear to be calling from a local area code or even from an organization you are familiar with. If the victim doesn’t answer, then sometimes they will leave a voicemail message asking for you to call them back. The attackers may use an answering service that is unaware of the crime being perpetrated.
At Krieger Worldwide it is important to keep our clients informed and updated on not only the latest industry trends and news, but also on ways to protect themselves against these evolving threats. Just as we have sent out information in the past on how to protect yourselves and your company against email scams, we want to ensure you are informed on how you can be proactive against these new forms of phishing attempts. Do not click on links in SMS messages and do not provide any personal information to a caller unless you are certain they are legitimate. We advise you to look up any unknown phone numbers and website addresses to confirm they are accurate and legitimate.
As phishing continues to evolve and find new forms of attacks, it is important to stay vigilant and updated on strategies to combat attacks. It is always better to err on the side of caution and confirm these messages are true and accurate, people will understand if you hang up and find the information yourself before calling them back.
Many of us have transitioned to virtual meetings over the past year and these attacks have been on the rise. These attacks are designed to drive the victim to take immediate action. If you are every unsure about an email, text message, or phone call—take time to consult someone you trust about the veracity of the message.