Monday, August 18, 2014

Phishing and Vishing and Smishing ...oh my!


Phishing is the slang term for using email to get people to divulge their personal information so it can be used to steal their identity.  Con artists use phishing emails to literally 'fish' for information that they can use to illegally access bank accounts and open credit card accounts.  In the past this scam was conducted over the phone - that's where the "ph" in phishing comes from.  

Here are some questions to ask if you think you have received a phishing attack:

  1. Do you know the sender of the email? If yes, still be cautious before clicking a link. If no, do not click any links.
  2. Are there any attachments in the email? If so, is the attachment an executable (a file with the extension .exe, .bat, .com, .vbs, .reg, .msi, .pif, .pl, .php)? If so, do not click on the attachment. Even if the file does not contain one of the above mentioned extensions, be cautious about opening it. Contact the sender to verify its contents.
  3. Does the email request personal information? If so, do not reply.
  4. Does the email contain grammatical errors? If so, be suspicious.
  5. If you have a relationship with the company, are they addressing you by name?
  6. Have you checked the link? Mouse over the link and check the URL. Does it look legitimate or does it look like it will take you to a different Web site?
You can use these same questions if you receive a vishing or smishing attack....

Vishing scams work like this: You receive an email that appears to be from your bank and it informs you that you need to call a specific phone number to re-confirm your account information.  The number they provide is, of course, bogus and when you call them and give them your account information, they simply use it to access your accounts illegally and take your money.  So instead of using a fake website to 'fish for information' they are using a fake phone number to fish for your voice.  Thus:  vishing.

Smishing scams are when con artists once again try to contact you and try to trick you into giving them your personal information - but this time they initiate the contact using a text message on your phone. Originally text messages were know as 'Short Message Service' or SMS and it's from that that we get the sm in smishing. 
  • In many cases, the smishing message will come from a '5000' number instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, and not sent from another cell phone.  Do not respond to smishing messages.

No comments:

Post a Comment