The Latest Scams: Smishing and Vishing
Scammers are developing new techniques all the time. In recent years, they’ve added smishing and vishing to the arsenal of tools that they can use to ruin your day. What are these new threats, and how do we protect ourselves against them?
Smishing and Vishing: Same Threat, New Delivery
It’s 2019, and almost all of us know to watch what we click or download when we receive suspicious emails. Thieves know this too, and they’ve adapted by moving their scams to a new medium: texting and voicemail.
These days, nearly everyone in America (95%) owns a cell phone, and more than 77% own a smartphone, according to the Pew Research Center. One study found that more than 15 million texts are sent every minute of the day. With smishing and vishing, scammers contact you directly by texting or calling you to steal your identity or assets.
How Smishing Works
Smishers (or “smishermen”) send you a text or SMS message in the hopes that you will respond by sending them your private information. This is dangerous because people aren’t as accustomed to being scammed through texts. Consequently, they are more likely to click on a link in a text message than an email, even when it came from an unfamiliar number.
Smishing: An Example
You get a text from a number you don’t recognize. The message looks like an opt-out for a service you don’t remember ordering.
Luckily, the message includes a link. All you have to do is click it, authenticate your account by providing your log-in information or maybe your social security number, and the service will be cancelled. You “cancel the service,” which of course never existed in the first place, and the scammer gets information that they can use to hack into your actual account, or open other accounts in your name.
Smishing: How Do You Protect Yourself?
Don’t click on links sent from people you don’t know. Also, be wary of texts that don’t appear to have been sent from a phone – like those sent by email. Also, consider calling friends or acquaintances who appear to have sent you a suspicious text – just to ensure that it was really from them.
How Vishing Works
Vishing takes the phishing game to a new level. Vishers (“vishermen”) call you directly, on your cell phone or landline. They might use caller ID spoofing to trick your caller ID into showing a local number, maybe one you even recognize.
Usually, an automated recording plays once you answer, alerting you to some sort of manufactured crisis. Occasionally, the visherman will get a living, breathing human to contact you. Either way, they rely on the immediacy of the phone call and the urgency of their manufactured scenario to build your trust before they victimize you. If you don’t answer, they might leave you a voicemail asking you to call them back.
Vishing: An Example
Your cell phone rings during your lunch break. You pick up, and the voice on the other end tells you that there’s been unexpected activity on your credit card. They suspect it’s fraudulent. The prerecorded message tells you to hang up and call your bank at the number they are handily providing you.
You do as they say. Another automated voice tells you to enter your credit card information. The voice thanks you, and then asks you to enter more personal information so that they can confirm your identity. The identity thieves end up with not just your credit card information but also your PIN, date of birth, and more.
Vishing: How Do You Protect Yourself?
Simple awareness and a healthy amount of skepticism go far in protecting you from vishermen who come calling for your personal data. You’re probably already wary of emails asking for your personal information; just exercise the same caution with texts and calls.
Don’t always trust the caller ID information displayed on your phone. Even if you recognize the name or number appearing on your phone, it’s relatively easy to spoof caller IDs. Lastly, if you do find yourself talking with someone you suspect might be vishing, ask them questions – like who they work for. Tell them you’ll call them back after you have a chance to look into what they told you.
If you call your financial institution, make sure you’re doing so at a phone number you found on their website or listed on their correspondence with you (and make sure the website or correspondence you’re looking at is the real deal as well). Lastly, report the incident to the FTC or to the Internet Crime Complaint Center, so they can record and investigate it.
While techniques may change as new technologies develop and mature, scammers will always rely on winning your trust before ripping you off. However they carry out their scam, whether it be through smishing, vishing, or some other method, a solid knowledge of cybersecurity best practices and a dose of skepticism will go far in protecting you from scams whenever and however they appear.