
Tech Tip:

Smishing and vishing – Old tactics, rising popularity

Matthew Cosgrove, GreenStone VP of Information Security

2021 was an unprecedented year in the world of cybersecurity. Through Sept. 30, 2021, there were 1,291 publicly reported breach incidents, according to the Identity Theft Resource Center (Identity Theft Resource Center, 2021). Many ended the year dealing with a highly publicized Apache Log4j vulnerability that affected millions of internet-connected devices. Heading into 2022, there are no signs of this activity slowing down. In fact, with the current geopolitical scene, many cybersecurity professionals are expecting phishing and ransomware events to increase this year.

Verizon reported in its 2020 Mobile Security Index Report (Verizon, 2020) that 85% of phishing attacks take place on mobile devices. These attacks are happening via messaging (SMS), social media, gaming sites, and productivity apps like Google’s G-Suite or Microsoft’s Office365. Phishing attacks continue to be a popular choice with bad actors because they are simple and they continue to work. According to Gartner Research (Pemberton, 2016), 98% of all text messages are read, and 45% of them are responded to; this is much higher than emails, which have only a 20% read rate and only a 6% response rate. Smishing and vishing are two old tactics targeting mobile phones that continue to gain in popularity.

What is Smishing?

The word smishing comes from combining “SMS” and “phishing”. SMS means short message service, the technology used on our mobile devices for text messaging. Phishing is a cybercrime that attempts to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and usernames and passwords. Phishing attacks use email, while smishing attacks start with a text message that looks like a legitimate message. These text messages contain URLs or links that trick recipients into visiting websites that could download viruses onto the victim’s mobile device or ask the victim to provide sensitive data. Smishing is rising in popularity because most people trust a text message they receive on their mobile device over an email that arrived in their inbox. Because of this trust, more people would respond to the text message they just received or click on the link that they were sent.

What is Vishing?

The word vishing comes from combining “voice” and “phishing”. Vishing is simply a phishing attack that, instead of using an email, starts with a voice call. The scam artist wants to trick you into providing sensitive data over the phone. The scam artist will often say things like your account is compromised or locked out, and will claim to represent financial institutions, law enforcement, or customer support representatives. These voice calls use techniques that can spoof the caller ID to make it look like the call originates from a known number. Along with smishing, vishing is also rising in popularity because most individuals, when contacted directly, fall victim to the scam artist’s pressure tactics over the phone.

Here are eight tips to help protect yourself from falling victim to Smishing and Vishing attacks!

• Use common sense – Limit the information you share on online profiles and do not share your mobile phone number on public websites.

• Do not reply directly to smishing text messages – Replying directly to these smishing text messages lets the spammer know that this number is genuine. This could increase the number of smishing messages you receive.

• Do not click on any links in text messages – Clicking links in these smishing messages could install viruses or malware on your mobile device to harvest personal information from your phone.

• Contact the company directly – When in doubt, contact the company directly using a phone number or website that you know to be legitimate and verify the request was made.

• Place your number on the National Do Not Call Registry – Adding your mobile number to the Federal Trade Commission’s (FTC) registry lets you opt out of receiving unwanted calls. If you receive a call after a month, you can report the offense to the FTC.

• Do not pick up the phone – If you do not know the phone number that is calling, let the number go to voicemail. If the caller leaves a message, you can decide if you need to contact them back.

• Hang up the phone – If you pick up the phone and suspect a call is a vishing attempt, just hang up the phone. No additional conversation is needed. Hang up and block the number.

• Caller ID can be faked – Do not trust the caller ID number. This number can be easily spoofed to get you to answer the call or text. All contact should be regarded as suspicious unless proven legitimate.

These tips will go a long way to help you identify and know what to do when you get a smishing or vishing message.
