What is Smishing and how do we recognize it?
If you have been a client of Bacheler Technologies for some time, you have heard us discussing e-mail phishing attempts. We do our best to educate clients on the threats of these attacks and what the bad actors are trying to accomplish. During our lunch and learns, we teach users how to avoid falling for the attacks.
We have seen a large uptick in attempts to gather information from cell phones (Smishing). Smishing and vishing are types of phishing attacks that try to lure victims via SMS messages and voice calls. Both rely on the same emotional appeals employed in traditional phishing scams and are designed to drive you into urgent action. The difference is the delivery method.
Smishing example: A typical smishing text message might say something along the lines of, “Your ABC Bank account has been suspended. To unlock your account, tap here: https://bit.ly/2LPLdaU” and the link provided will download malware onto your phone. Scammers are also adept at adjusting to the medium they’re using, so you might get a text message that says, “Is this a pic of you? https://bit.ly/2LPLdaU” and if you tap that link to find out, once again you’re downloading malware.
Vishing definition: Vishing (voice phishing) is a type of phishing attack that is conducted by phone and often targets users of Voice over IP (VoIP) services like Skype.
It’s easy for scammers to spoof caller ID so they appear to be calling from your local area code or even from an organization you know. If you don’t pick up, they leave a voicemail message asking you to return the call. Often, these scams will employ an answering service or even a call center that’s unaware of the crime being perpetrated.
Once again, the aim is to get credit card details, birthdates, account sign-ins, or harvest phone numbers from your contacts list. If you respond and call back, there may be an automated message prompting you to hand over data, and many people won’t question this because they accept automated phone systems as part of daily life now.
How to mitigate the risk: Do not answer the calls or respond to the text; doing so only validates the number and puts you at greater risk. Clicking the link in the text can download malicious software to your phone and export your contacts.
As always, if any of your team members receive a suspicious email, please have them forward it to our help desk: firstname.lastname@example.org. They will determine if it is a threat or a legitimate email and respond to your team member's email.