The expansion of technology into almost every aspect of our daily lives has enabled us to connect and communicate with the world around us faster and easier than ever before. But with the good also comes danger. Cybercriminals continue to develop ever-evolving methods to take advantage of the various devices that streamline our careers, relationships, and finances – and use them against us through intuitive social engineering attacks such as vishing and smishing.
Subsets of phishing – the attempt of scammers to fraudulently obtain personal information – vishing and smishing schemes persuade unsuspecting victims to divulge sensitive information via voice calls and text messages. Both smishing and vishing play on a victim’s emotions by creating a sense of urgency.
For example, a fraudster impersonating an IT staff member from the victim’s company may call or message the victim, asking them to verify their social security number or account information within five minutes or they will be locked out of their work account.
While the tactics are similar for both vishing and smishing, the delivery methods are what set them apart. Let’s take a look at how to identify and avoid these attempts.
Vishing, or voice phishing, occurs when a scammer calls an individual posing as someone from a trusted organization, such as their financial institution or law enforcement. The imposter asks for your personal information to supposedly alleviate an urgent matter but will use this information to access your accounts, open new accounts, or steal your identity. Vishing criminals typically disguise their numbers with a fake caller ID showing a local area code or a company you know, and they regularly target those using Voice over Internet Protocol (VoIP) services, such as Skype.
If a target does not pick up the vishing call, scammers may leave a voicemail message asking the target to call back. Some even go as far as to involve service centers, unaware of the fraudulent activity, to field your calls.
What you can do:
- Do not answer calls from numbers you don’t recognize.
- If you receive a voicemail that claims to be from an organization and you think it might be fraudulent, call the company’s published customer service line to double-check.
- Do not share any information about your accounts, finances, passwords, etc. over the phone.
- Don’t be afraid to ask questions! If something feels off about the conversation, ask the person on the other end for information about themselves, why they need this information, and if you can talk to their supervisor – the more details, the better.
Smishing, or SMS phishing, begins with a fraudulent text message sent to an individual with the motive of stealing funds or identities. Scammers will include a threat such as, “your bank account is about to be frozen,” or an enticement like, “you’ve just won an iPhone,” in their message to prompt you to take action. These threats and enticements trick recipients into clicking on an in-message link, calling a number, replying to the text, or installing security software onto their device, which lets the scammer collect credit card details, birth dates, account credentials, or other personal information. As with vishing, smishing criminals send messages from a fake phone number or contact to fool you into believing the text is from a trusted source.
What you can do:
- Avoid opening any message with links from someone you don’t know.
- Never divulge personal information in a text message – trusted organizations will not ask you to do so.
- Refrain from clicking on in-message links, even if they seem trustworthy.
- Call the number listed on the company’s website and ask to follow up on or report the message you just received.
- Do not reply to messages from an unknown phone number.
- Messages insisting on a quick reply or stating you have won a prize are a clear sign of smishing – don’t respond.
- Research the phone number, individual, or company extensively before you consider replying.
- Understand your financial institution’s policy for communication and always call to confirm before taking action – it’s better to be safe than sorry.
Hackers and scammers will not yield in their attempt to access our personal information via every technological channel for financial gain. We can work to stop them in their tracks by understanding what to expect and how to handle every attack. Visit our security page to learn the steps APGFCU is taking to help keep your financial information safe.