January 2023
 

Phishing, Smishing and Vishing | Best Practices

Phishing, smishing and vishing are social engineering techniques that cybercriminals use to obtain personal information or install malware in order to commit fraud (especially financial fraud).
To do this, the attacker uses an electronic channel to send content that, for example, imitates a real brand, posing as someone trustworthy to get the victim to hand over sensitive information or to perform an action, in this case using malicious attachments. When this technique is carried out by SMS it is called smishing; by phone (voice) it is called vishing. It can also be used through instant messaging on social networking applications such as WhatsApp.

Knowing what methods cybercriminals use and how to identify them can help you avoid becoming a victim.

 
 

What is Phishing?


Phishing is a method of cyber-attack that attempts to trick victims into clicking on fraudulent links sent via email. The link usually leads the victim to a seemingly legitimate form that requests sensitive information, or to the download of a file containing malicious functionality.

A classic example is an email informing you that your bank account has been blocked and asking you to click on a link to regain access. In fact, that link leads to a fraudulent form that simply collects your information, which the attackers can then use to access your account and steal your money.

 
 

What is Smishing?


Smishing is a type of fraud similar to phishing, except that it comes in the form of a text message. A smishing text usually contains a fraudulent link. By following the link and the instructions provided, the victim ends up inadvertently installing malware, which will usually help the attacker obtain illicit financial gain at the victim's expense.

These smishing text messages may look like urgent requests sent from a bank or parcel delivery service, for example. It can be easy to fall for this scam if you think you need to act quickly to solve an urgent problem and do not take steps to verify that the message is genuine.

 
 

What is Vishing?


Fraudulent calls or voice messages fall under the category of "vishing". Cybercriminals call potential victims, often using pre-recorded robocalls, pretending to be a legitimate company in order to request personal information from the victim.

For example, the call may claim to be about confirming your details with your bank or extending your car insurance cover. If you answer, you may be put through to a supposed agent and may be asked to provide personal information.

 
 

How to prevent Phishing, Smishing and Vishing attacks


To avoid becoming a victim of phishing, smishing or vishing, there are a few rules you should follow. These can directly protect you from fraud and reduce the likelihood of being targeted.

Do not click on attachments or links in emails, unsolicited messages or suspicious SMS.
When you are contacted, confirm the veracity of the originating email address, profile or phone number.
Always assess the timeliness, or timing, of the content of emails, instant messages, SMS or phone calls.
Do not share personal data or follow instructions without verifying the request through other sources, for example with the bank's account manager or a line manager.
Be wary of messages with formal language errors, but do not trust a message just because it has none.
In organisations, carry out simulated phishing and smishing attacks, and possibly vishing, in order to raise awareness of and attention to these channels.
Do not share sensitive data on social networks, as this may provide information to attackers who want to carry out spear phishing (phishing aimed at a specific person).
Report to the organisation's IT security officers or to the authorities whenever you are the target or victim of such an attack.
Stay alert and do not let yourself be persuaded, without reflection, by authoritarian requests, promises or urgent requests.

 
