
Vishing and Smishing: Social Engineering Fraud


The latest scams and fraud attacks have evolved far beyond the infamous email from a “Nigerian prince” who wants to leave you millions. Social engineering fraud, which is rising dangerously here in the US and around the world, preys on human nature. These tactics are increasingly sophisticated and can dupe you into thinking you are speaking to someone you know and trust. This type of psychological manipulation, known as social engineering, is essentially a confidence trick that influences a victim to do something that is not in their best interest.

With incredible advances in technical support and cyber defense now in place to protect financial institutions and corporations from being hacked, fraudsters are looking to target the one variable that can penetrate technology… human error.

SMSishing, or SMS phishing, is a fraudulent text or email sent to a person’s phone requiring immediate action. The phone number will often be spoofed to look like the real business’s contact information. For example, an SMSishing attack might look like a text from your bank, saying they’ve uncovered fraudulent changes and asking you to call customer support immediately. When you call back the number from the text, they ask you to confirm your login username, password, social security number or worse. In these cases, it’s best to call the customer service number on your bank’s website or on the back of a credit card. NEVER take the shortcut and call the number that texted you by clicking directly on the text.

Vishing, or voice phishing, is usually a phone call using an automated voice system to obtain private information. The call will most likely come in using a spoofed phone number. The call will have a sense of urgency which requires the individual to take action or give out private details, without directly asking for them. An example of this is a recording on an automated system reporting suspicious activity on a bank account, credit card, etc. The system will ask you to confirm your name, date of birth and mailing address at the sound of a tone, or ask you to press the pound sign. Other vishing scams can come in the form of contest winner calls. For example, “Congratulations, you have won an all-expenses-paid cruise/vacation… press one to book your reservation”.

This call will use the promise of a free trip to obtain information like driver’s licence and social security numbers, which are then used to set up fraudulent credit cards in your name. It is essential that you never give out any information to an automated voice system. If you have a computer close by, you can look up the phone number using a search engine, such as Google. There are thousands of websites out there that record phone numbers used in fraudulent vishing attacks. Would-be victims post their accounts of these calls, and you can and should compare your own experience with them.

While many SMSishing and vishing attacks target people at home, these social engineering fraud attacks have also caused extremely expensive intrusions in corporations all over the world. By posing as IT professionals, CFOs from branch offices or upper management, these fraudsters have penetrated IRS tax information and stolen confidential files and employee records, costing corporations hundreds of millions over the last five years. Fraudsters will often wait until the end of a business day to make calls like these. This tactic preys on a person who is rushing to leave for the day or has his/her guard down.

A good rule of thumb is to remember that if something is too convenient, or too good to be true, it most likely is. Always ask to call them back, and look up a phone number rather than hit redial. No matter who may be calling, it’s best to hang up and confirm the identity of a person before handing out any of your personal information.
