Phishing, Smishing and Vishing – Try and say that fast 3 times!

Apart from these words making you sound like you’ve been dallying with the black bottle if said out loud, they are actually types of social engineering scams.

If you’re reading this article on a computer, tablet or mobile phone, it is highly likely that at some point in the last vicennium you have been the target of at least one of these scams, if not all of them.

Firstly, what are social engineering scams?

These styles of scam are created to manipulate human behaviour. The aim of the scam is to compel the user to complete an act or series of acts over a period of time that would be to the benefit of the fraudster.

Common examples of these acts range from persuading you to install software on your device which turns out to be malware, to convincing you to provide confidential information such as bank details and passwords, or to transfer sums of money to a fraudster’s account.

So, we have all won $100,000 at some point in our lives, haven’t we? But the email stated the only problem was that we had to pay $10,000 to the Minister of Stocks, Currency And Monies to have the Grand Prize released from the Royal Republican State Bank of Nigeria.

This is an early example of a social engineering scam, and although we may laugh at it now, there are many who have fallen foul of it over the years: victims manipulated with the promise of financial gain.

The mediums through which many of these frauds are carried out are:

Email – Phishing

Text Message – Smishing

Unsolicited Phone Calls – Vishing

The words themselves derive from the pastime of fishing: the fisherman casts out his line with a tiny incentive on the hook and waits for a fish to bite. The mode of operating for these types of scams is essentially the same, but with millions of lines cast at the same time.

It is estimated that worldwide 3.4 million fake emails are sent every day; that equates to more than a trillion fake emails every year!

These types of scam are usually received out of the blue. The fraudster will masquerade as being from a well-known organisation or company and will create a sense of urgency or a deadline, suggesting that some form of action needs to be taken immediately.

Phishing and Smishing scams will usually ask you to click on a link within the email or text message. Once you click on the link, you will either be directed to a fraudulent website which will ask you to input your bank details along with other personal information, or you will download malicious software on to your device. This software would allow the fraudster to access the information directly from your device via webcam hacking, audio hacking and keystroke logging, just to name a few.

In the Vishing scenario, the caller will ask you for this information directly whilst purporting to be from a legitimate company or organisation, or they may ask you to install software onto your device which they say will allow them to assist you. This will not be the case and will always be to your detriment.

Many of these scams are well engineered and carry all the hallmarks of being legitimate. A large proportion of these scams are personalised using details obtained from social media or via the dark web. You would be surprised what data can be purchased on the cybercriminal underground.

How to identify and avoid being a victim of Phishing, Smishing and Vishing scams

There are some traits common to many Phishing and Smishing scams. By taking an extra few seconds to consider the message before completing an action, you may be saving yourself from a valley of tears.

  1. Is everything spelt correctly and is it addressed to you personally? If not, take extra care; fraudulent messages are often addressed generically and contain spelling and grammar errors.
  2. Does the message seem too good to be true?
  3. Does the message attempt to put you under the pressure of time?
  4. Are you being asked to click a link or download something you were not expecting?
  5. Is the message asking you for passwords or financial information?

If you receive a surprise message containing these traits, it is likely a scam. Contact the organisation or business the message claims to be from, but DO NOT contact them via the details provided within the message, as these could direct you to the scammer.

If you receive a call out of the blue asking you to provide your personal details or to install software, DO NOT do it. Even if the caller purports to be from the police or a government organisation, end the call immediately.
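The five checks above can also be applied automatically as a first-pass triage of incoming messages. The following Python is an added example, not part of the original article; the keyword patterns, function names, threshold and sample messages are constructed assumptions, and spelling quality is left to the human reader.

```python
import re

# Illustrative keyword patterns (assumptions), one per checklist trait 2-5.
TRAITS = {
    "too_good_to_be_true": re.compile(r"\b(won|winner|prize|lottery|jackpot)\b", re.I),
    "time_pressure": re.compile(
        r"\b(urgent(ly)?|immediately|deadline|expires?|within \d+ (hours?|days?))\b", re.I),
    "link_or_download": re.compile(r"https?://\S+|\b(click|download|install)\b", re.I),
    "asks_for_secrets": re.compile(
        r"\b(password|passcode|pin|bank details|card number|account number)\b", re.I),
}
GENERIC_GREETING = re.compile(
    r"^\s*(dear|hello|hi)\s+(customer|user|sir|madam|winner|account holder|friend)\b", re.I)


def checklist_hits(message, recipient_name):
    """Return the checklist traits a message shows, in checklist order."""
    hits = []
    # Trait 1: generic greeting, or the recipient's name never appears.
    if GENERIC_GREETING.search(message) or recipient_name.lower() not in message.lower():
        hits.append("not_addressed_personally")
    hits += [name for name, pattern in TRAITS.items() if pattern.search(message)]
    return hits


def triage(message, recipient_name, threshold=3):
    """Label a message 'likely scam' when it shows `threshold` or more traits."""
    count = len(checklist_hits(message, recipient_name))
    return "likely scam" if count >= threshold else "no strong signal"


# Constructed sample messages (not real traffic).
PRIZE_EMAIL = ("Dear Winner, you have won $100,000! To release the Grand Prize "
               "you must pay the fee immediately. Click http://prize.example/claim "
               "and enter your bank details.")
RESET_EMAIL = "Hi Alex, click https://accounts.example/reset to choose a new password."
MEETING_NOTE = "Hi Alex, the minutes from Tuesday's meeting are attached. See you next week. Sam"

if __name__ == "__main__":
    for msg in (PRIZE_EMAIL, RESET_EMAIL, MEETING_NOTE):
        print(triage(msg, "Alex"), checklist_hits(msg, "Alex"))
```

The personalised password-reset message trips only two traits, so a low score is not evidence that a message is safe; verifying through the organisation's own known contact details still applies.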

Make sure the call has ended and the line has cleared before attempting to use the phone again.