22nd Oct // 2018
You're probably aware of some of these phrases, but keeping up to date will help keep you from falling victim to criminals trying to steal your data. Many have been around for some time, even before the Internet, but they are becoming more common.
Probably the best-known phrase, phishing refers mainly to emails that are sent to try to trick victims into giving out information, for example by filling in details on a fake website. There are a number of types of phishing: a large trawl that is sent to thousands of people in the hope that one or two may fall for the scam, and targeted or spear phishing, which could be sent, say, to the people in a single organisation or even to a single person.
Some of these can be quite sophisticated, with convincing wording and correct brand logos and colours. The thing to watch out for here is the sending email address, importantly not the sending name, which can be easily spoofed. If you click on a name you can see the address it has come from. These are often slightly different from the correct domain, e.g. facebok.com, or something more random such as password-reset.com. Also, check the grammar and spelling. Often these attacks are identified by poor attention to detail.
Even if the sending email address is correct, think about whether you asked for the email or whether it has come out of the blue. An example of one you asked for would be a password reset or a link you asked a friend to send. One out of the blue could be an email that asks everyone to reset their passwords, or it could be a link appearing to come from a friend whose account has been hacked.
The advice is never to click on a link unless you are sure you asked for it or you have verified the source independently. To verify information, you should always go to the correct website via a recognised search engine or by keying in the name. Before you click on a link you should check that it appears to go to a domain you would expect, for example a shopping site. You do need to be careful here, though, as mailing programs often substitute the actual domain you are going to with a link that can identify you so they can check the efficiency of marketing campaigns.
Like phishing, smishing is seeking to collect data, but in this case it’s via text messages (or SMS, hence the name). Again, it could be a link to click on where you are asked to fill in more information. One important thing to remember here is that criminals can easily spoof text sending numbers, so they can appear in a genuine thread of messages, say from your bank. A recent example is from TV Licensing, where they used an actual text sending number. That meant the message was contained within the thread of genuine messages from TV Licensing.
Vishing refers to trying to get information from you over the phone and, in some cases, getting remote access to your computer. These calls have been around for some time, and a common tactic is for criminals to stay on a phone line so their victims think they have verified them. For example, a criminal may say they are calling from a bank and give the victim the actual bank number to call back on. But then they stay on the phone line. Many people don’t realise that they didn’t get a dial tone when they “ring back.” Another method is for a criminal to give the victim their own number to call back on. If someone tries this, always ring back using a published number that you have checked independently. For example, your bank’s phone number will be on the back of a debit card. These types of calls can be very friendly, where a criminal is building up a profile or trying to get specific information such as your bank details, or they can be aggressive. A recent example is a call from “Microsoft” saying your computer has been hacked or is at risk and they can fix it, but they need remote access straight away. They can then either steal data or install spyware.
This is a more recent activity where a criminal researches your social media profiles to build up a picture about you. These often continue for months or years and they result in a request for money. In one example, a victim thought she was talking online to someone she met on a cruise, but in actual fact it was a fake profile. It resulted in a request for money, but it was picked up by the bank, who suggested the lady speak to her family before sending funds. It then transpired that the person she thought she had been talking to had no idea. A fraudster had set up a fake profile. The main way to avoid falling victim to these types of scams is to ensure that you check your privacy settings on all your social media accounts. There’s a great video here from CIFAS that describes how easy it is for criminals to target you: