How To Avoid Vishing And Smishing
Cyber criminals are constantly out-clevering unsuspecting victims. How can you avoid getting hooked?
Vishing and smishing might sound like two characters in a children’s cartoon, but they are two of the most invasive and worrying criminal trends in modern society. These internet-based confidence tricks are similar to those infamous Nigerian prince emails from the 2000s, and they’re conducted over the phone or via social messaging platforms like WhatsApp.
What are vishing and smishing?
Vishing and smishing represent the phone and text message versions of phishing, where fraudsters use emails to impersonate legitimate organisations or people. Using a process called social engineering, victims are persuaded that they should prevent themselves being defrauded by working with the very people attempting to steam from them. Scams vary from crude to sophisticated, but they all follow similar patterns…
Vishing
Vishing may involve unsolicited phone calls from people claiming to represent a financial institution’s fraud team, or a government agency. They will politely but urgently request that the victim transfers money out of a ‘compromised’ account.
Smishing
Smishing often relies on phone calls as well, with an initial text message reporting suspicious account activity or requesting cooperation. Urgency is a key element of any attack, since it minimizes the amount of time victims have to become dubious or investigate the legitimacy of who’s contacting them.
Slippery Business
The scale of vishing and smishing is hard to quantify, since many victims feel too ashamed to report it. Indeed, some people struggle to accept that the sympathetic individuals they dealt with were actually attempting to steal from them. Fraudsters often have contact and bank details on hand, lending a veneer of plausibility to their claims of being legitimate personnel. They can cloak any caller ID to resemble an official number, while the ambient noise of a call center in the background will often be sound effects playing on a loop.
So, how do you avoid becoming a victim of vishing and smishing?
The golden rule is to be suspicious of anyone who approaches you unexpectedly. While banks and financial institutions sometimes contact customers about unusual account activity, they never request full passwords or monetary transfers. Consider what data these firms will have on file, and don’t provide anything more than basic information like your name and date of birth.
There are growing stories of people being followed home from ATMs and contacted by fraudsters who offer to collect bank cards ‘compromised’ by that machine, but banks would automatically cancel the cards rather than visiting your home. Similarly, banks will only ever ask for random characters from a password or PIN code – never the full set of characters.
Modern technology means criminals can hijack a phone line, so hang up on incoming calls and contact the company they claim to be representing using a different line. It’s possible to opt out of receiving unsolicited calls or texts, and messages from unknown people should be treated with the same suspicion as an unsolicited email with an attachment.
A common goal of vishing and smishing is to install spyware onto a victim’s computer or mobile device, which can then be used to steal information. There may be attempts to persuade victims to visit compromised websites – always resist all such requests. A search engine trawl will often identify known scams, which should immediately be reported to the relevant authorities.