Data Protection and Security: Phishing, Smishing, and Vishing (Part 1 of 4)


Cybercriminals are getting more creative in the strategies they use to interfere with data protection and security, to steal identities, funds, and private information from unsuspecting individuals and organizations. Phishing, smishing, and vishing are among the most common attack methods used to infiltrate your privacy and create havoc in your life. Millions of dollars have been lost to these types of attacks, which increased dramatically during the height of the COVID-19 pandemic. With the resultant rise in teleworking and online shopping during the pandemic, cybercriminals realized a wealth of opportunities to take advantage of unsuspecting people.

 

If you have not already experienced a phishing, smishing, or vishing attempt, you likely will soon. In this four-part series, we will help you recognize the various ways cybercriminals use email to invade your data protection and security, steal your valuable information, and take your money – and learn how to avoid being a victim.

 

Phishing.

Phishing means just what it sounds like – fishing – a method of casting around to find unsuspecting subjects in a large pool, usually via a fraudulent email sent to many addressees and designed to appear legitimate, including its conveniently provided site access link. The email may inform you that your bank account has been locked or an unauthorized purchase has been made and indicates that you must address the situation immediately. That implied sense of urgency is key in making this scam work because it triggers fear or anxiety, and thus manipulates you into a knee-jerk response. In your attempt to quickly resolve the issue, you click that conveniently provided link and malware gets installed on your device, or, once you’ve arrived at the link’s destination, the information you provide there is collected and used to access your account. By the time you discover you were not actually on your bank’s website, your account may already have been breached and your funds depleted.

 

Click here to read about the recent HYPERSCRAPE phishing strategy.

 

Other forms of phishing include spear phishing, which seeks to target a select group of individuals based on prior research and information gathering from various sources including social media, and whaling or whale phishing, which is used to specifically target high-level business personnel and people with celebrity status.

 

Smishing.

Smishing, named for its use of SMS technology, is a form of phishing conveyed via text messaging. You may receive a text that appears to be from a large shipping company like Amazon or FedEx, stating that there is a problem with delivery of your order, or maybe from your bank, indicating a suspected fraudulent purchase. As usual, a convenient link is provided for you to click to quickly resolve the problem. However, the link will take you to an illegitimate location where the cybercriminal is waiting to collect your information and gain access to your account.

 

Vishing.

Vishing is a strategy that uses voice tactics to extract information from you that can then be used to infiltrate your privacy or accounts. You may receive a vishing call via your cellular line, land line, or a VoIP line, informing you of an urgent situation you must address immediately or suffer dire consequences. You may even receive calls or voicemails that threaten you with jail time or levying of exorbitant fines you will have to pay if you do not act immediately. These calls may be pre-recorded and disseminated through robocall technology, use a computer-generated, automated response system, employ software to disguise or distort the caller’s voice, or use other deceptive tactics to prevent you from knowing who you’re really talking to. The caller may also ask you to install or ask permission to install some kind of software or app that will allow the caller to “assist” you in resolving the issue or to access your system remotely. Once you install that software or provide access, the attacker can assume control of your system and lock you out.

 

 

Avoid Being a Cybercrime Victim:

The objective in all of these strategies is to play on your emotions – to bring fear and anxiety into the mix and cause you to act without thinking or investigating first.

 

How do you avoid being a victim of these phishing strategies?

 

First, be vigilant. Recognize that an amazing offer that comes to your inbox out of nowhere should first be regarded as highly suspect. Before you click that link to collect your massive inheritance or claim your exciting grand prize, carefully examine the sender’s address. The email may say it’s from your bank but the sender’s email address may be from an individual on an unrecognized domain. Also, just hover your cursor over the provided link in the message without clicking it and look to see its actual destination at the bottom of your screen. If the link is for an http and not an https address, it is not secure. Also, look for other clues within the domain address that indicate you will be taken to an alternate site. Your bank and other institutions usually contact you within their own website message portals. They will never ask you via email to provide your account information or password. Do not provide this information via phone or online.

 

Also, note the wording of the email or text. Are there missing words, spelling errors, poor grammar, language that just sounds unnatural? Chances are the message is bogus. But note that as cybercriminals become more adept at these deceptions, their grammar and spelling skills are improving.

 

Secondly, don’t be fooled by any implied sense of urgency or threat of dire consequences. Your email service provider does not suddenly contact you to say your account access will be cut off in 24 hours if you do not click this link and change your password. This is just a perpetrator using emotional manipulation to trick you into providing access to your account.

 

If you receive any email, especially one demanding an immediate response to prevent some terrible outcome, always contact the institution separately via a phone number you know to be legitimate or go separately to the official website for assistance. Do not reply to the sender and do not click any link or call any phone number provided in the email, text, call, or voicemail received.

 

Solutions for Phishing, Smishing, and Vishing.

A cybercriminal’s success in infiltrating your privacy can result in far more than simple annoyance or inconvenience. The damage can be irreparable, from lost funds, to breached sensitive information and intellectual property theft, to stolen identity, to complete business shutdown, all of which can have serious repercussions for years to come.

 

Here are just a few things you can do to mitigate a phishing, smishing, or vishing attack:

• Adopt a Zero Trust policy for your business and personal online communications and remain vigilant in watching for the warning signs.

• Implement a multi-factor authentication system to make it more difficult for cybercriminals to access your accounts.

• Install antivirus software on your devices and ensure it is kept up to date.

• Obtain an account with a reputable identity theft protection service provider.

• Change your account passwords periodically and ensure they are as strong as possible.

 

Our best recommendation for mitigating phishing attempts is to adopt Gold Comet Secure Messaging as your email service provider. Our patented system offers multi-factor authentication and effectively screens out cybercrime scams because those unwanted emails can never even reach your inbox. All of your data is safely protected within the Gold Comet Secure Cloud. If you would like to speak to a representative about Gold Comet’s products, please use our Contact Form.

 

In Part 2 of this series, we will discuss more ways that email can be used to threaten your information privacy:  Malware and Ransomware.