Vishing, Smishing, and All the Other Strangely-Named Trends in Social Engineering

According to Interpol, social engineering scams cost businesses around the world a total of $1 billion in 2015, and this figure is rising all the time. Even so, many people think they’re smart enough to avoid being caught out by online scams. The truth is that social engineering tactics are getting cleverer by the day. Although absurd lottery scams and emails from deceased Nigerian princes still appear in the spam folder on occasion, other scams are less obvious yet every bit as dangerous.

Instead of relying on automated spamming techniques and malicious software alone, many scammers now use psychological manipulation to have their victims willingly give away their personal or financial information. These cybercriminals build rapport to win their victims’ trust, often instilling a sense of urgency in the process.

Phishing is the most common form of social engineering as well as the fastest-growing one. Most of the time, phishing scams arrive by email, appearing as messages from recognized and respected companies. Often, these emails contain a link to a website that masquerades as something familiar, and asks for login information. If the imitation is convincing enough, entering a username and password gives cyberattackers all the information they could ever ask for.

Most phishing emails are obvious to any seasoned internet user, but there are convincing scams. To avoid becoming a victim, always look at the sender and subject to make sure there aren’t any subtle differences in the address, such as a misspelling. If an email looks remotely suspicious, then it’s almost certainly a scam. It’s also highly unlikely that any company will ever send unsolicited attachments. Lastly, realize that no legitimate company will ever ask you to provide login or payment information by email.

Smishing is another rapidly emerging security threat that uses SMS, rather than email, for sending fraudulent messages. This growing threat comes at a time when people are likely to spend more time using their phones than desktop computers, so it shouldn’t come as a surprise that mobile malware is on the rise. Like their email counterparts, phishing SMSs will usually contain a web address or premium-rate phone number, prompting you to take immediate action under the threat of an account closure or something similar.

Vishing is a contraction of “voice phishing,” and it’s the telephone equivalent of the conventional phishing email. Instead of relying on written messages, criminals use a phone call to try and get sensitive information out of you. Fraudsters may claim to be employees of your bank or other institution, such as a utilities provider. For example, a criminal masquerading as someone from your bank may claim that they need to “verify” your account information due to some suspicious charges being found. However, your bank already has this information, so there shouldn’t be any need for them to ask for it again.

If you get an unexpected phone call from your bank or any other company, always treat it with suspicion, and never give your payment information over the phone during an unsolicited phone call. If you receive a suspicious call, always hang up and call a number you know is legitimate or, better still, go to your local branch office and report the matter in person. Above all, never let belligerent criminals attempt to intimidate you into giving up confidential information.

Pharming refers to a cyberattack that attempts to redirect traffic from a legitimate website to a malicious one. Using this advanced and increasingly widespread form of identity theft, hackers can sometimes secretly install malware on legitimate websites or, more likely, trick internet providers into sending users who type in a legitimate site’s address to a different, unsafe site. Unfortunately, antimalware software cannot provide any protection against pharming attacks, so you’ll need the guidance of IT experts to recognize one of these schemes.

To avoid falling victim to a pharming scam, always make sure the connection to the website is protected, as would be indicated by “HTTPS” in the address, or a padlock icon next to the URL. Additionally, if the website looks different from when you last used it, or it’s behaving unusually in any way, be aware that it might have been compromised.

Dyrand acts as your virtual IT department, managing everything from remote monitoring to disaster response and data backup. Talk with our experts today to find out how we can help you put an end to unnecessary downtimes, delays and security threats like phishing.