Smishing and Vishing - How To Protect Yourself
Most of us are now on the lookout for Phishing emails. Some fraudsters have turned their attention to text messages and voice calling. SMiShing (combination of SMS, Short Message Service protocol used to send text messages and Phishing) as well as Vishing (Voice Phishing) is on the rise. Fraudsters are bypassing your inbox and calling/texting your home or mobile devices. All flavors of Phishing (email, phone, and text) attempt to gain personal, confidential information to conduct fraudulent transactions.The fraudster impersonates legitimate companies and will have just enough information to try to convince you they are real.
Smishing is a new form of identity theft targeting cell phone users. We tend to have our cell phone with us at all times and may respond quickly as the message will have a sense of urgency to update confidential information to avoid a threat or risk. Similar to email phishing, Smishing occurs when a fraudster sends you a SMS\text message targeted to gain confidential information via a malicious web link and spoofed or fake website links. Malware may be downloaded to your phone if you activate a link in a text message as it’s harder to validate the authenticity of the link as compared to an email link. The URL is condensed with no way to preview the entire link. Fraudsters use this to their advantage as the text may include an invalid website link that takes you to an authentic looking site to download their malicious app or trick you into providing logins, passwords or other financial information. Examples:
Vishing is social engineering over the phone and it has been around for a long time, yet it is still effective. It can be an unexpected phone call claiming your credit or bank ATM\debit card has been compromised or your computer\mobile device is sending error messages and has numerous viruses and security issues. The fraudster typically claims to be a legitimate business, such as a financial provider or a major computer software\technical support company. Tech support scams, from January through April 2016, have reported over $2,268,982 in losses. Vishing is on the rise in combination with caller ID spoofing. This helps validate these attacks by falsifying the caller ID, hoping you will trust the fraudster’s call.
Fraudsters also combine Smishing and Vishing by placing a phone number in the text which can connect you to a fraudulent automated voice response system.
How To Protect Against Smishing and Vishing:
Lock down social media access.
Treat your cell phone with the same security habits as your laptop\computer. Be cautious of unknown or suspicious texts, avoid clicking links and update your apps and operating systems frequently. Don’t respond to texts that request personal or financial information.
Do not give anyone remote access to your mobile devices, laptops or computers. Cardinal Bank will never contact you for your online banking login, password or access to your computer or mobile device. Any legitimate company will not contact you directly for remote access unless you initiated the call.
Don’t trust caller ID as it is not 100% and can provide a false sense of security. It can be spoofed or changed to appear as if it is from a trusted provider or even a local vendor when in reality the call could be coming from anywhere around the world.
Don’t call any phone numbers provided in an unexpected phone call, email, text or voicemail. Vishing can also occur from an authentic looking email or text instructing you to call a phone number that connects you to an automated answering service designed to steal your personal information.
Never validate information via a cold call, email or text. If you think the attempt to reach you is authentic, always validate the phone number from a trusted source such as bills, Cardinal Bank statements, the number on the back of your credit/debit card, or go directly to the company website from your browser address bar to make sure you are contacting your real service provider.
Download apps from trusted sources. Don’t download links received in text messages or unexpected emails.
To help reduce Smishing and Vishing, check with your cell phone provider to see if they offer SMS message blocking, reporting or mobile protection packages (some are free while others are subscription based). For Vishing, add your number to the US Do Not Call Registry.
If you have fallen victim to any form of Phishing, including Vishing or Smishing, contact Cardinal Bank immediately at 703.584.3400. Also contact the 3 major credit bureaus, report fraud promptly to your local law enforcement and to the Internet Crime Complaint Center via www.ic3.gov.