Smishing and Vishing: How To Avoid Them?
You’re enjoying a relaxing Sunday afternoon tea after a long, hectic week at work when suddenly your phone is bombarded with notifications of purchases you never made. Anonymous callers ring you up to ask for your mailing address and credit card details for gifts from competitions you’ve never heard of. These instances are the most common examples of the cyberattack techniques referred to as smishing and vishing. So, what are vishing and smishing, and how can you avoid them? Our cybersecurity team in Perth has created a guide to protect you from these traps.
What is vishing?
According to a global 2020 survey, 53% of employees do not know what vishing is. Vishing or voice phishing is a phishing attack that’s done via phone calls. Vishing scams usually use VoIP services like Skype.
The scammers will create fake caller IDs to contact their victims. Vishing scams often begin with an automated message that tells you you’re a victim of identity fraud. They will then offer you a helpline number to resolve your issue and ask you for personal information. Since the calls appear to come from your local area or a familiar organisation, you might be tempted to give them the information they ask for.
What is smishing?
Smishing or SMS phishing is a phishing attack that uses SMS to scam victims. Similar to email scams, smishing attacks contain a threat or an urgent message with a link to force you into handing over sensitive, often personal, information. The links could also be installation links for malware.
Smishing attacks will generally have a tone of urgency and can sometimes be difficult to differentiate from normal text messages. However, certain clues can help you identify them. If you get “urgent” messages regarding personal information leakage from an 11-digit mobile number and the message contains typos, it would most likely be a smishing message.
Awareness training and security practices that are in tune with the latest technological developments will make you more vigilant against such threats. Here are some simple steps to avoid becoming a victim of smishing and vishing attacks.
1. Avoid responding to text messages from strangers. If there are any links, images or other attachments in such messages, do not tap them.
2. Never give out sensitive data like bank details, passwords and credit card details over phone calls or messages unless the recipients are people you’re familiar with. Government organisations and legitimate companies will never ask you to hand over these details over the phone.
3. If you receive messages and calls that provide no context other than “there is an urgent threat you need to take care of”, understand that such messages are most probably fake. Scammers try to feed on fear and greed, so even if you get emergency texts like these, always question them and make sure they are real before proceeding further.
4. Ignore emails and messages that ask for your phone number. Most phishing attacks start with scammers collecting phone numbers, so avoid giving out your number unless you have to. If you constantly get messages like these, report them to your IT team and the authorities so they can take the required measures.
How to protect your employees from smishing and vishing attacks?
Though businesses take proper security measures against spear phishing, CEO fraud and malware attacks, they often overlook the risks of smishing and vishing. However, smishing and vishing attacks are very common cyber threats. And employees are the first line of defence against these attacks.
1. Awareness: The first step to fighting any crime is to be aware of it. Conduct mandatory security awareness training based on real-world examples.
2. Be approachable: Give your employees an easy way to report smishing and vishing attacks if they fall prey to them.
3. Practice: Use simulations to understand the extent of employee awareness regarding cyber fraud. Customise your training using the results from experiments like these.
4. Implement strict BYOD policies: If your company has a bring your own device (BYOD) policy, guide the employees on how to keep their devices secure. Prompt them to install updates and use password protection when required.
The digital space is becoming more and more technologically advanced. Unfortunately, so are hackers and other cybercriminals. Though they sound scary, smishing and vishing can be easily avoided by being more thoughtful, more vigilant and taking adequate security measures.
Computing Australia is a member of The Computing Australia Group of Companies.
VoIP – Voice over internet protocol (VoIP) is the technology that allows you to communicate via calls over the internet.
Phishing – Phishing is a cybercrime in which a scammer uses fake messages or calls to collect sensitive data from their targets.
CEO fraud – A type of phishing in which scammers trick employees of a workplace into giving information by impersonating their CEO or other company executives.