Phishing, vishing, and smishing are all types of social engineering designed to trick humans into providing sensitive information in a variety of ways. It’s crucial to be aware of the different types of scams you may come across at work or at home to keep yourself safe and secure.
Phishing
Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a human victim.
Phishing is at an all-time high; 90% of ransomware infections are the result of phishing scams.
Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site and transverse any additional security boundaries with the victim.
It’s important to question emails that you receive to determine if you are being phished. If you notice anything alarming or suspicious, do not click links, open attachments, or reply.
Is the sender asking me to click on a link or open an attachment to avoid a negative consequence, or to gain something of value? Is there a request that seems odd or illogical?
Is the email out of the ordinary? Does it have poor grammar, punctuation, or spelling errors?
Do I have an uncomfortable gut feeling about the sender’s request to open an attachment or link?
Vishing
Vishing is short for “voice phishing.” It involves tricking people into divulging sensitive information using social engineering.
Hackers will call from a ‘spoofed’ or fake number and pose as an employee, manager, or someone else that you may interact with.
Hackers are looking for employee names, titles, or ID numbers.
If someone contacts you requesting sensitive information, ask to speak to their supervisor, or tell them that you will call them back, giving you time to investigate the request.
Smishing
Smishing is a form of phishing that uses mobile phones to gather personal details, like social security or credit card numbers.
The Smish is through text or SMS messages.
Smishing uses text messages instead of email to trick the recipient into opening a malware attachment or clicking on a malicious link.
Examples include bank notifications, package/shipping updates, act-now coupons, and urgent warnings.