Two kinds of “phishing” you may not know about make things worse for all of us: Vishing and Smishing. And unless you know what to look for, you just might get caught. Phishing is when hackers, viruses, and trojans send you emails that pretend to be your bank or other (usually financial) services company. The emails look legitimate, and claim that you need to log in, reset your password, or make some other change to your account that requires you to log in. Of course, the link they give you to your login screen is a fake. It’s actually on a hacked server that just looks real, but isn’t.
It’s actually on a hacked server that shows you a form that looks like it’s from your bank, with a logo, username and password field. It usually looks legit...but it isn’t. When you submit your username and password, their software logs into your bank or financial institution and clears out your account.
Unless you’ve been ignoring the news, you know to be on the look-out for every time you get an email from your "bank" or "brokerage".
What Are Vishing and Smishing?
But what about other messages you might get from your financial institution? The words “Vishing” and "Smishing" might sound like made-up words -- and they are -- but they are also the latest trends in cyber-crime. Vishing and Smishing are variants of Phishing and you need to know how to look out for them.
Vishing is an attack via voicemail. Rather than receiving an email that asks you to login, the request comes via a voicemail message and asks you to dial a phone number to resolve some problem with your account. When you call, you are asked for your account credentials...and you know the rest.
Smishing is exactly the same thing, but rather than receiving a voicemail, you get a text message with the same kind of request. With a Smishing attack, you are asked to either call a phone number or click a link in the text message.
How prevalent are Vishing and Smishing? There aren’t reliable statistics out yet, but recently two men were extradited from Romania to the USA to face 31 counts related to using Vishing and Smishing...a brief career that yielded $18 million in stolen funds.
How To Protect Yourself From Phishing, Vishing and Smishing
So how do you make sure you don’t fall prey to these new forms of phishing? If you get a text message or voicemail that claims to be from, start by being suspicious, and then follow these best practices.
- Do not click the link in the email.
- Do not call the phone number that they provide.
- Do call the phone number on your bank statement, the back of your credit card.
- Do visit the financial institution’s website by typing in the URL yourself!
- Do double-check to see that the URL in your browser is correct.
- Do check to see that there is a green lock icon in the browser bar, which indicates a secure connection to a legitimate website.
- Do get the customer service phone number from the home page before you log in.
- Do call to ask a representative about the email, voicemail or SMS message you received.
And if after doing that, you still are unsure about the legitimacy of the message you received, actually walk into the financial institution and show them the message or play the message for them.
This all applies to both you personally and your business. It may seem like a lot to go through, but consider the stakes: Your personal wealth or the health of your business may be in jeopardy. Nothing you do to make sure that your financial data is secure is too much.
Protect Your Business Today
At Digital Uppercut, we do far more than just take care of your computers. We’re a full service IT, Security and regulatory compliance company. And we care about you personally, as well. That is why we answer important security questions -- like “What are Vishing and Smishing” -- that could save you from disaster. If you are already a client of ours, then you know the great lengths we go to in order to keep your data secure. And if you’re not yet a client, give us a call at 818-913-1335 or contact us today. If you’ve got a business, it needs protection. And that’s what we do.