Vishing, Smishing and Phishing- I know right?
It all sounds a little too well-rhymed to be real, doesn’t it? However official statistics released by Financial Fraud Action UK show that a fraud incident occurred every 15 seconds between January and June of 2016.
These fraudulent attacks come in different forms. There’s phishing, which is the sending of targeted emails to victims with the aim of stealing their banks details through a malicious link; these can be fake bank emails, for example, which tell users they need to follow the link and change their details. Then there is Smishing (SMS attacks), where users receive a text message containing a similar hyperlink. Finally, we have Vishing, phone calls and voicemails from scammers also purporting to be from a reputable source such as a bank or building society.
There are still many people falling for these attacks, adding the fuel to the fire – or should I say cash to the scammers’ bank accounts – which continues to drive these cruel hacks.
Ironically, one of my family members (who shall remain nameless* to avoid embarrassment) recently called me, having just ended a phone conversation with one of these scammers. She strongly advised they call back once Coronation Street had finished, which they agreed to – smart scammer (no-one gets between her and the Sunday omnibus). I was amazed that this degree-educated, street smart, doesn’t-suffer-fools-gladly powerhouse was telling me that her computer was infected and the man on the phone was available to call back and help her fix it. Of course, at this point I was tearing my hair out. Not only had she fallen for this scam, she had clearly not read ANY of the IT security blogs I’ve written. It’s safe to say that the call back at 5pm was a short one.
It’s amazing to think that these attacks are still doing the rounds, but with a successful strategy in place it doesn’t look like they’re going out of business anytime soon. The fast-paced ‘make a decision on the phone’ calls are causing people to be conned out of money at an alarming rate – check out how businesses are falling for similar scams. The callers instil fear in the victim, making people believe their device or their bank account has been hacked and they must take action to protect themselves. Little do they know what they’re about to do is hand over money they will see nothing for, and likely never get back.
Not only are these scammers infiltrating the homes of vulnerable, TV soap watching innocents, they’re even trying to get their foot in the door of companies across the UK. Ultimately the goal here is to get you to click on a link, locking down access to files and rendering your PC effectively useless.
A member of team TSG was recently called and asked about the webinar software we used. The caller wanted access to their TSG PC and wanted to send a link across which my colleague would then be asked to click. Of course, the phone call didn’t go any further thanks to the industry we work in, but there are many unsuspecting professionals up and down the country falling for these scams.
How to combat phone and email scams:
• Don’t be pressured into taking an action. Stop, think and take the time to understand the situation. Attackers are counting on you feeling pressured and making a snap decision; their whole scam relies on that. Don’t give in to what they are asking.
• Don’t provide personal details, bank details, or details relating to business software/systems and processes you might use. This puts the scammer in a position of power and opens the conversation further. 26% of people surveyed admit they still provide personal details to people claiming to be from their bank, even if they don’t think they should.
• 54% of UK companies have been hit by Ransomware. Protect your business with anti-virus software such as Sophos Intercept X. Read more about cyber-attacks and the IT security software that fights it here.
• Stay in control of the conversation and have the confidence to refuse requests for personal information if it doesn’t feel right.
• Be vigilant and share stories and experiences with colleagues, friends and family to make them aware of these phone calls and emails. Spread the word!