What is Phishing, Vishing and Smishing? How can you avoid it?
Almost everyone today has a mobile device. With a rise in online and mobile usage, experts and authorities have also noticed a spike in the number of cybercrimes where cybercriminals use a number of social engineering techniques to scam users.
In this article, CompCiti helps you stay alert by explaining the most common forms of cyber threats and how to avoid them.
What is Phishing?
Nearly a third of all breaches take place through phishing with 78% attacks on Cybersecurity alone.
Phishing is one of the most common attacks deployed by hackers. It is a type of social engineering used to steal private data from users, ranging from login credentials to credit card or social security details.
Hackers often masquerade as a trusted entity and divert users, mostly through emails, to pages that look like a legitimate site, such as their bank's page, in order to gather personal information from them.
Top 5 impersonated brands:
How can you avoid phishing attempts?
The first and most important way to avoid phishers is to educate yourself and your employees about what a phishing email looks like. There are many videos and resources available online that explain what a phishing email looks like and what to avoid.
Besides this, apply the points given below as well:
- Check the URL spelling before you click on an email link
- Avoid URLs that redirect you to any other website
- If the email comes from a known source but doesn’t seem right, contact the source directly
- Don’t give out personal data online unless you confirm with the source first
How can a company’s IT department help foil phishing attempts?
- Start “sandboxing” emails: inbound emails can be filtered and their links checked for authenticity
- Analyse web traffic
- Filter out weak points in the organization’s network and educate employees about them
- Hold regular workshops to help employees stay alert and report phishing attempts more accurately
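The URL-spelling check and the inbound link filtering described above can be automated along these lines. This is an added example, not code from CompCiti; the `TRUSTED` allow-list, the domain names and the sample email are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"examplebank.com", "amazon.com", "microsoft.com"}  # constructed allow-list
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class LinkCollector(HTMLParser):
    """Collect [href, visible text] pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def edit_distance(a, b):  # Levenshtein distance between two strings
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_email(html):
    """Return (href, reason) findings for the links in one HTML email body."""
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").removeprefix("www.")
        shown = DOMAIN_RE.search(text)
        if shown and shown.group(1).lower().removeprefix("www.") != host:
            findings.append((href, "visible text names a different domain"))
        base = ".".join(host.split(".")[-2:])  # naive: ignores multi-part TLDs
        if not any(host == d or host.endswith("." + d) for d in TRUSTED):
            findings += [(href, "misspelling of " + d) for d in sorted(TRUSTED)
                         if edit_distance(base, d) <= 2]
    return findings

SAMPLE = """<p>Dear customer, <a href="https://examp1ebank.com/login">Verify your account</a>
<a href="http://login.tracker.example.net/r?u=1">www.examplebank.com</a>
<a href="https://www.examplebank.com/help">Help centre</a></p>"""  # constructed email
```

Running `check_email(SAMPLE)` flags the first link as a misspelling of a trusted domain and the second because its visible text names a domain other than the one it opens; the third link passes.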
Other Forms Of PHISHING
Phishing is a wide term. Under it are two more important types that you should be aware of: “Vishing” and “Smishing”.
Vishing is short for “voice phishing”. Unlike phishing, which takes place over email, these scams are based on voice calls or robocalls.
In 2018, robocall scams grew up to 328% around the world.
How does Vishing work?
Often a hacker or scammer calls from an unknown number or internet number, using an automated call or a human on the other end of the line who claims to represent some well-known brand (such as Apple, Microsoft or AT&T).
They then ask you to ‘verify’ your details and provide information such as your date of birth, social security number, etc.
From here they take your personal details and use them to gain access to your accounts.
How can you avoid Vishing?
- Don’t answer unknown callers
- Hang up if you realize it’s a spam call
- Let unknown calls go to voice mail instead of answering them.
- Don’t give out personal information to callers unless you are aware of the number and have verified the source of the call by looking up the caller ID
Another common form of scamming via phishing is “Smishing / SMS phishing”, which stands for scamming through SMS instead of emails.
When someone attempts Smishing, they use a text message as “bait” to try to get the user to share their personal information. Hackers mostly use SMS phishing as step one, along with other phishing techniques such as voice or email phishing. Through a text message, they invite the user to click on a link, write to the given email ID or call the given number.
What makes Smishing harder to detect than a phone call or email is the fact that the URL is displayed on a mobile device, so the entire URL is not clear to the victim, who may feel it is an authentic site. Also, the scammer can use internet or fake IDs to call. If you see 5000 as the caller number, it is likely an internet call.
How can you avoid Smishing?
- Keep an eye out for changing numbers. For example, your bank or Amazon will have one particular number they send messages from. If the text seems authentic but the number doesn’t, contact your customer care.
- Provide training to educate your employees: regular training and updates on new trends in phishing and how to avoid smishing are a valuable start, since Smishing is harder to detect given the quantity of texts a user has to filter. Knowing the telling signs of a scam can help employees report and avoid such scenarios altogether.
- Have a secured enterprise messaging solution in place – monitor and track traffic that is directed at phishing sites to help reduce chances of smishing. This can help you capture and report any smishing or any other phishing attempts made towards your company.