October is National Cybersecurity Awareness month. In support of this important risk mitigation effort, please enjoy this post about Vishing & SMiShing Scams.
Have you noticed a marked increase in the number of scam phone calls and text messages you receive? It’s not your imagination. At the beginning of June CNBC reported that Americans had already received over 16 billion robocalls in 2018! Unwanted calls are the biggest consumer complaint received by the Federal Communications Commission (FCC) and their top consumer protection priority. Vishing is the fraudulent practice of making phone calls or leaving voice mail messages from an allegedly reputable organization with the intent of obtaining personal information.
SMS is an acronym for Short Message Service, more commonly known as a text message. SMiShing is a type of phishing attack where mobile phone users receive text messages requesting sensitive information or containing a malicious link. Statista.com forecasts the number of mobile phone users worldwide will surpass 5 billion by 2019. According to a 2017 Forbes article, text messages have an open rate of 98% and up to 90% of people who open the message read it within 3 seconds! Given these statistics, it was inevitable SMiShing attacks would increase.
Scammers are increasingly using Internet technology and location data to better target individuals and hide from law enforcement. Disguising the identity of the caller by faking caller id information is known as spoofing and has become cheap and easy with advancements in technology. “Neighbor” spoofing is used to make it look like the call came from your local area. It is even possible that you could see your own telephone number hijacked and appear in the caller id. Posing as the IRS, a utility company, or tech support company are just a few examples of the many scams being perpetrated. By employing technology, scammers are able to simply and inexpensively cast a wide net and reach an enormous number of people.
Though paying taxes with a gift card may sound absurd to the cyber aware, a former Indian call center rep interviewed for an article in The Guardian indicated that “one out of 10 people would freak out.” These sophisticated and well-organized operations use fear and deceit to bilk millions out of the most vulnerable consumers. In July after years of investigations, the US Department of Justice sentenced 24 defendants in a multimillion dollar India-based call center scam targeting US victims. Call center reps impersonated IRS and US Citizenship and Immigration Services employees to con callers into believing they would be arrested or deported if they did not pay. The IRS does not initiate contact with taxpayers by email, text message or social media channels to request personal or financial information. In addition, they do not demand immediate payment in the form of gift cards or threaten to bring the “cops” to your location. Click here for an IRS Fact Sheet.
According to a 2016 survey commissioned by Microsoft, two out of three global consumers had been exposed to a tech support scam in the previous year. Fraudsters take advantage of people who are not tech savvy then use fear and deception to convince them to allow remote access to computers in an effort to steal personal information or install malware. Be aware that the caller id may be spoofed to look like the name of a real company; however, tech support companies do not cold call consumers. In addition, legitimate companies do not put their telephone numbers on pop-ups or virus warnings.
Tips to Defend Against Vishing:
Tips to Defend Against SMiShing: