Phishing gets two new neighbours, and they are just as deadly
Phishing, the theft of information through fraudulent identities, has branched into two new forms of cyberattack called Vishing and Smishing. With smartphone use booming, cybercriminals have shifted their focus to mobile devices. Thus evolved two new forms of attack that target unsuspecting people and the smartphones they always carry on their person. Vishing is a type of attack that traps a person through fraudulent phone calls, while Smishing uses text messages or WhatsApp messages to attract victims.
This blog will walk you through the methods, workings and preventive measures for Vishing and Smishing. Let’s get started.
A Vishing attack follows two stages. In the first stage, the cybercriminal uses Phishing to gather personal, sensitive information about the victim. Using these credentials, the attacker may attempt some illegal transactions until a roadblock appears in the form of an OTP or user authentication (an SMS OTP or a digital token of some sort). This is when the attacker initiates a phone call and creates a sense of urgency or panic. One way or another, the victim is pressured into revealing this authentication information, giving the attacker the green light to carry out the rest of the transaction.
- Be wary of suspicious phone calls; no authoritative body will ever contact you for sensitive details.
- Never divulge any personal details over a phone call.
- In case you find yourself trapped in such a phone call, feel free to challenge the person on the other end to provide proof of authority. If the organization is genuine, they should have no problem getting back to you with proof.
- If you receive a text message, double-check through official channels.
It also helps to warn others if you spot signs of such an attack. Social media, whatever its disadvantages may be, can help spread the word and keep your friends and family safe.
A Smishing attack takes place predominantly through text messages or, nowadays, even WhatsApp messages. The attacker uses official-looking prefixes to imitate a legitimate organization. The usual trick is to claim that a suspicious transaction was carried out with your credit card. The intention is to scare you into reacting impulsively and divulging sensitive details.
- Know the prefixes of authentic messages. You can gain more insight into bulk message prefixes by following this discussion thread on Quora.
- Simply ignore any messages you cannot fully trust.
- Never call back on the number provided in the fraudulent message.
As you might have observed, the preventive measures above emphasize personal vigilance along with a third-party protection service. Keep your knowledge of online security and the safe use of media up to date. Learn more about incidents and scams carried out through cyber channels.
However, some attacks might slip through the cracks. More broadly, whether it is vishing, smishing or phishing, these cyberattacks are designed to make you reactive so that you click on malicious links. We have discussed the use of texts and calls, but another important avenue for cybercriminals is email, which can be heavily targeted with malware files and dangerous links. When dealing with email threats, along with personal vigilance, you can fortify your online presence by engaging services and packages made bespoke for your online security. Logix Infosecurity tackles Advanced Malware (known and unknown Malware), Spear-phishing, Domain Impersonation/Domain Spoofing, Zero-day, Whaling, Targeted Email threats, Ransomware, Crypto ware, and Business Email Crime (BEC) attacks with its multi-layered, multi-tiered security approach using our multiple threat intelligence detection and prevention tools. Get in touch with us and view our offerings here.