Login
With the advent of technology and the widespread use of mobile phones, scam calls and texts have become increasingly common. These annoying and invasive attempts to trick you out of your personal information can be frightening and frustrating. They often come in the form of ‘vishing‘ and ‘smishing‘ attacks. But what exactly are these types of scams, and how can you protect yourself against them?
Vishing and smishing are two common methods used by scammers to steal personal information. Vishing, a combination of ‘voice’ and ‘phishing,’ typically involves a scammer calling you and pretending to be from a trusted organization, such as your bank. They may tell you that there has been unusual activity on your account and ask for your personal information to ‘resolve’ the issue.
Smishing, on the other hand, combines ‘SMS’ (text) and ‘phishing.’ In this type of scam, you may receive a text message stating that you have won a prize, or that there is a problem with your account. The message will instruct you to click on a link, which will then try and trick you into providing personal information.
The main strategy of scammers behind vishing and smishing attacks is volume. They send out calls and messages to a large number of phones, hoping that at least a few will fall for the scam. There are several ways these scammers can get bulk phone numbers for their attacks:
Data breaches are a common way for scammers to obtain phone numbers, along with names and email addresses. This information can give them everything they need to launch effective vishing and smishing attacks. While some breaches result in the loss of credit card or government ID numbers, others simply provide basic personal information that can be enough to make their scams seem legitimate.
Another method scammers use to get phone numbers is by purchasing lists from data brokers. These online entities collect and sell detailed information about millions of individuals, including their phone numbers. These lists can be bought for a few dollars with just a few clicks. The data brokers don’t care who they sell to, so even scammers can easily purchase these lists.
→ Dig Deeper: How Data Brokers Sell Your Identity
Scammers often scour social media platforms and online forums to gather personal information, including phone numbers. People sometimes inadvertently share their contact details or other personal information in public posts, comments, or private messages. Scammers exploit these details to build their contact lists.
Scammers may also access publicly available records and directories, such as online phone directories, business listings, or government databases. These sources can provide them with a substantial amount of phone numbers and associated information.
Some scammers use phishing emails or fraudulent online surveys to trick individuals into disclosing their personal information, which can include phone numbers. They may pose as legitimate organizations or institutions, enticing recipients to provide their contact information in the process.
You may have already seen smishing attacks without realizing what they were. Here are a few examples of common smishing scams:
One feature that these messages have in common is that they all include a link. These links often have unusual character strings and web addresses that do not match the supposed sender of the message. This is a clear indication that the message is a scam.
Fortunately, there are steps you can take to protect yourself against these types of scams. Here are a few tips:
Scammers have tools at their disposal that can tamper with caller ID, making it appear as though the call is coming from a trusted organization. Do not rely solely on caller ID to determine the legitimacy of a call or text.
→ Dig Deeper: Be on the Lookout for Scam Tech Support Calls
If you receive a call or text message that seems suspicious, do not provide any personal information. Instead, hang up or ignore the text and contact the organization directly to verify the request.
If you believe you have been the target of a vishing or smishing attack, document the incident and report it to the company it was supposedly from. Many organizations have dedicated fraud reporting tools for this purpose.
As a general rule, avoid clicking on links in text messages, especially if they look suspicious or you do not recognize the sender. If you have concerns, always contact the organization directly.
→ Dig Deeper: The Latest Mobile Scams & How To Stay Safe
There are a number of strategies that you can employ to combat these types of scams. One of the most effective ways is to install comprehensive online protection software like McAfee+ on your phone. This software offers features such as web protection that warns you of suspicious links in texts, search results, and websites you browse. If your personal information appears on the dark web, the software can alert you and provide guidance on how to proceed. It can also help you remove your personal information from data broker sites, reducing your exposure to data breaches and spam calls.
Another strategy is to educate yourself on the telltale signs of a scam call or text. For instance, scammers often use scare tactics or threats to manipulate you into giving up your personal information. If you receive a message that seems to play on your emotions or tries to rush you into action, it’s probably a scam. Legitimate businesses and organizations will not typically resort to such tactics. If in doubt, always contact the organization directly to verify the validity of the message.
Internet service providers and mobile carriers have a crucial role to play in combating vishing and smishing attacks. By implementing advanced security measures, they can help protect their customers from these types of scams. For example, many carriers now offer features such as scam call blocking and identification. These features can help you identify potentially fraudulent calls and texts and avoid falling victim to these scams.
ISPs and mobile carriers can also educate their customers about the risks of vishing and smishing. By providing clear, easy-to-understand information about these scams and how to avoid them, they can empower their customers to protect themselves. As these types of attacks become more sophisticated, the role of ISPs and mobile carriers in combating them will only become more important.
McAfee Pro Tip: Regardless of the nature of these unwelcome calls, there are proactive measures you can take to safeguard yourself and even prevent them from reaching you in the initial instance. Know how to beat and block robocalls.
In conclusion, vishing and smishing are increasingly common types of scams that target individuals through phone calls and text messages. These scams can be frightening and invasive, but by understanding how they work and implementing strategies to protect yourself, you can significantly reduce your risk of being a victim. Comprehensive online protection software, being vigilant to the signs of a scam, and leveraging features offered by your ISP or mobile carrier are all effective ways to combat these scams. Remember, if something doesn’t feel right, it probably isn’t – always contact the organization directly if you’re unsure about a call or text.
The post Those Annoying Scam Calls and Texts: How to Fight Back Against Vishing and Smishing appeared first on McAfee Blog.
Your phone buzzes. You hope it’s a reply from last night’s date, but instead you get an entirely different swooping feeling: It’s an alarming SMS text alerting you about suspicious activity on your bank account and that immediate action is necessary.
Take a deep breath and make sure to read the message carefully. Luckily, your assets could be completely safe. It could just be a smisher.
Smishing, or phishing over SMS, is a tactic where cybercriminals impersonate reputable organizations or people and trick people into handing over their personally identifiable information (PII) or financial details. Sometimes they can seem very credible with the information they have, and you may have even been expecting a correspondence of a similar nature.
So how can you tell when an SMS text is real and requires your attention? And how should you deal with a smisher to keep your identity safe?
Like email phishing and social media phishing, SMS text phishing often tries to use a strong emotion – like fear, anger, guilt, or excitement – to get you to respond immediately and without thinking through the request completely. Vishing is another phishing tactic over the phone, though instead of a text, the scammer leaves voicemails.
In the case of one coordinated smishing attack, cybercriminals not only impersonated financial institutions but collected PII on their targets ahead of time. The criminals then used these personal details – like old addresses and Social Security Numbers – to convince people that they were legitimate bank employees.1 But since when does a bank try to prove itself to the customer? Usually, it’s the other way around, where they’ll ask you to confirm your identity. Be wary of anyone who texts or calls you and has your PII. If you’re ever suspicious of a caller or texter claiming they’re a financial official, contact your bank through verified channels (chat, email, or phone) you find on the bank’s website to make sure.
Scammers also keep up with current events and attempt to impersonate well-known companies that have a reason to reach out to their customers. This adds false legitimacy to their message. For example, in the summer of 2022, Rogers Communications, a Canadian telecommunications provider, experienced an extended loss of service and told customers they could expect a reimbursement. Smishers jumped on the opportunity and sent a barrage of fake texts requesting banking details in order to carry out the reimbursement.2 However, Rogers credited customers directly to their Rogers accounts.
If you receive a suspicious text, go through these three steps to determine if you should follow up with the organization in question or simply delete and report the text.
Do you have text alerts enabled for your bank and utility accounts? If not, disregard any text claiming to be from those organizations. Companies will only contact you through the channels you have approved. Also, in the case of the Rogers smishing scheme, be aware of how a company plans to follow up with customers regarding reimbursements. You can find information like this on their official website and verified social channels.
ChatGPT might make it more difficult than spot smishing attempts because AI content generation tools usually use correct grammar and spelling. However, the tone is a good indicator of a scammer. If the tone of the text urges you to act quickly or proposes a dire consequence of ignoring the message, be on alert. While suspicious activity on your credit card is serious, your bank will likely reimburse you for charges you didn’t make, so you have time to check your bank account and see recent activities. Official correspondence from financial institutions will always be professional and will try to put you at ease, not make you panic.
Whenever you get a text from someone you don’t know, it’s a good practice to do an internet search for the number to see with whom it’s associated. If it’s a legitimate number, it should appear on the first page of the search results and direct to an official bank webpage.
Once you’ve identified a fake SMS alert, do not engage with it. Never click on any links in the message, as they can redirect you to risky sites or download malware to your device. Also, don’t reply to the text. A reply lets the criminal on the other end know that they reached a valid phone number, which may cause them to redouble their efforts. Finally, block the number and report it as spam.
A great absolute rule to always follow is to never give out your Social Security Number, banking information, usernames, or passwords over text.
To give you peace of mind in cases where you think a malicious actor has access to your PII, you can count on McAfee+. McAfee+ offers a comprehensive suite of identity and privacy protection services to help you feel more confident in your digital life.
1PC Mag, “Scammers Are Using Fake SMS Bank Fraud Alerts to Phish Victims, FBI Says”
2Daily Hive, “Rogers scam alert: Texts offering credit after outage are fake”
The post What Is Smishing? Here’s How to Spot Fake Texts and Keep Your Info Safe appeared first on McAfee Blog.
FreshRSS 