Don’t get Phished, Smished, Vished or Pharmed

PHISHING  

“Phishing” refers to criminal activity that attempts to fraudulently obtain sensitive information via email communication. A cyber thief will try in several ways to obtain sensitive information such as your driver’s license, credit card information, or bank account information, and then use it to impersonate or defraud people.

These emails can look very real, and some will even use the branding and logos of a legitimate organisation to make the email seem genuine. The BIG thing to remember is to THINK BEFORE YOU CLICK!  

What are the “flags” that indicate you are being Phished…and what you should do. 

  • Do you know the sender of the email? If yes, still be cautious before clicking a link. If no, do not click any links.
  • Are there any attachments in the email? If so, is the attachment an executable (a file with the extension .exe, .bat, .com, .vbs, .reg, .msi, .pif, .pl, .php)? If so, do not click on the attachment. Even if the file does not have one of the above-mentioned extensions, be cautious about opening it. Contact the sender to verify its contents.
  • Does the email request personal information? If so, do not reply. 
  • Does the email contain grammatical errors? If so, be suspicious. 
  • If you have a relationship with the company, are they addressing you by name? 
  • Have you checked the link? Mouse over the link and check the URL. 
  • Does it look legitimate or does it look like it will take you to a different Web site?

If you have a professional agreement, ask about our free online education track on Phishing for your staff. Further layers of education are available to keep you current and aware of your cyber risks.

 

SMISHING 

Smishing is just like phishing, except that it arrives via SMS text on your mobile phone. The trick is that we are less suspicious on our phones than we are on our computers, and phones are generally less secure than our PCs.

Often the text will contain a URL or phone number. The phone number often has an automated voice response system. The smishing message usually asks for your immediate attention. In many cases, the smishing message will come from an odd-looking number instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, and not sent from another cell phone. Do not respond to smishing messages.

 What are the “flags” that indicate you are being Smished…and what you should do. 

  • Abnormally long numbers 
  • A family crisis type text to cause alarm 
  • Text for refund 
  • Random prizes  
  • Avoid tapping on any links in random text messages, even if the link appears to come from a friend
  • Check with friends whether they sent any text links
  • Never give out personal information 
  • If asked to call a number back and you are unsure of the validity – go to the website and verify the phone number 
  • Install anti-malware such as authpoint on your device(s) 

 

VISHING 

Vishing is the phone’s version of email phishing and uses automated and real voice messaging to steal confidential information. … Vishing attacks use a spoofed caller ID, which can make the attack look like it comes from either a known number or perhaps an 0800-number that might cause the employee to pick up the phone. 

As the telephone version of phishing, vishing relies on “social engineering” techniques to trick you into providing information that others can use to access and use your important accounts. People can also use this information to pretend to be you and open new lines of credit.

What are the “flags” that indicate you are being Vished…and what you should do. 

  • The scammer (person or pre-recorded message) will say your account has been compromised, claim to be your bank and offer to help you install software, ask for login credentials to fix the problem or ask you to make a new payment.
  • A scammer may phone you with an amazing investment opportunity, an offer to pay off all your debt, or a promise to have your student loans waived.
  • Tax returns and medical care requests 
  • A sense of urgency is sometimes used to create fear 
  • The caller claims to be from a department and asks for confirmation of your personal information
  • Understand what a vishing attack can look like by reading this and staying informed
  • Remain calm, hang up and do your own investigation 
  • Look up the company and call them 
  • Block the number 
  • Do not press any numbers or reply “Yes” using your voice when asked unless you are 100% sure 
  • If you have been tricked – contact your bank and get their advice immediately.

 

PHARMING 

Pharming is another form of phishing: online fraud involving malicious code and fraudulent websites. Cybercriminals install malicious code on your computer or server. The code automatically directs you to bogus websites without your knowledge or consent.

This code then redirects clicks you make on a Web site to another fraudulent Web site without your consent or knowledge. 

What are the “flags” that indicate you are being Pharmed…and what you should do.

  • PayPal or credit or debit card charges that you do not recognise 
  • Posts or messages on your social media that you did not post 
  • Friend or connection requests from your social media that you did not send 
  • Changed passwords in any of your online accounts 
  • New programs appearing on your device which you did not download or install 
  • Think before you click on anything! 
  • Be careful when entering financial information on a Web site. Follow links that begin with HTTPS as opposed to just HTTP (the S stands for safety.) Look for the key or lock symbol at the bottom of the browser. If the Web site looks different than when you last visited, be suspicious and don’t click unless you are absolutely certain the site is safe. 
  • Check URLs for typos 
  • Avoid deals that appear too good to be true 
  • Use 2FA  
  • Change passwords regularly and use strong ones 
  • Use Fisheye for all your security layers – reputable internet service provider, anti-malware, anti-virus, cyber security awareness programmes, MFA, support team
  • Follow the basic computer safety guidelines.  
