October is National Cybersecurity Awareness month. In support of this important risk mitigation effort, please enjoy this post about Vishing & SMiShing Scams.
Have you noticed a marked increase in the number of scam phone calls and text messages you receive? It’s not your imagination. At the beginning of June CNBC reported that Americans had already received over 16 billion robocalls in 2018! Unwanted calls are the biggest consumer complaint received by the Federal Communications Commission (FCC) and their top consumer protection priority. Vishing is the fraudulent practice of making phone calls or leaving voice mail messages from an allegedly reputable organization with the intent of obtaining personal information.
SMS is an acronym for Short Message Service, more commonly known as a text message. SMiShing is a type of phishing attack where mobile phone users receive text messages requesting sensitive information or containing a malicious link. Statista.com forecasts the number of mobile phone users worldwide will surpass 5 billion by 2019. According to a 2017 Forbes article, text messages have an open rate of 98% and up to 90% of people who open the message read it within 3 seconds! Given these statistics, it was inevitable SMiShing attacks would increase.
Scammers are increasingly using Internet technology and location data to better target individuals and hide from law enforcement. Disguising the identity of the caller by faking caller id information is known as spoofing and has become cheap and easy with advancements in technology. “Neighbor” spoofing is used to make it look like the call came from your local area. It is even possible that you could see your own telephone number hijacked and appear in the caller id. Posing as the IRS, a utility company, or tech support company are just a few examples of the many scams being perpetrated. By employing technology, scammers are able to simply and inexpensively cast a wide net and reach an enormous number of people.
Though paying taxes with a gift card may sound absurd to the cyber aware, a former Indian call center rep interviewed for an article in The Guardian indicated that “one out of 10 people would freak out.” These sophisticated and well-organized operations use fear and deceit to bilk millions out of the most vulnerable consumers. In July after years of investigations, the US Department of Justice sentenced 24 defendants in a multimillion dollar India-based call center scam targeting US victims. Call center reps impersonated IRS and US Citizenship and Immigration Services employees to con callers into believing they would be arrested or deported if they did not pay. The IRS does not initiate contact with taxpayers by email, text message or social media channels to request personal or financial information. In addition, they do not demand immediate payment in the form of gift cards or threaten to bring the “cops” to your location. Click here for an IRS Fact Sheet.
According to a 2016 survey commissioned by Microsoft, two out of three global consumers had been exposed to a tech support scam in the previous year. Fraudsters take advantage of people who are not tech savvy then use fear and deception to convince them to allow remote access to computers in an effort to steal personal information or install malware. Be aware that the caller id may be spoofed to look like the name of a real company; however, tech support companies do not cold call consumers. In addition, legitimate companies do not put their telephone numbers on pop-ups or virus warnings.
Tips to Defend Against Vishing:
- National Do Not Call Registry: Register your home or mobile phone number to prohibit sales calls. Admittedly, this will provide little protection from scammers who are not interested in following regulations.
- Do not answer calls from telephone numbers you do not recognize. If you answer, do not respond to any questions and immediately hang up the phone. Don’t press 1 or any other number with the hopes that you’ll be removed from the list. Pressing any number will most likely lead to more calls.
- If you have a voice mail account with your phone service, be sure to set a password.
- Contact your provider and inquire about available blocking tools.
- Report unwanted calls to the Federal Trade Commission (FTC).
Tips to Defend Against SMiShing:
- Install anti-virus software.
- Forego entering contests that ask you to provide your mobile number.
- Update your smartphone’s operating system to the latest version.
- Only download apps from verified app stores. If possible, set your phone to block apps from unknown sources.
- Be very suspicious of urgent security alerts and coupons.
- Be on the lookout for messages that contain a number that is not a phone number.
- Never reply to a text message even if it says to “text stop receiving messages.” If you reply, chances are you will end up receiving more messages because it will confirm that the number is actually associated with someone.
- Never click on any links including a reply link or phone number in a message you’re unsure of.
- Block the number via your phone’s software.
- If the message appears to be from a real company, call the company’s customer service number from its official website to inquire about the message.
- Report unwanted text messages to the Federal Trade Commission (FTC).
- Do not store your credit card or banking info on your smartphone.