WATCH Hacking by Phone – Vishing and Smishing – Day 8 of Cybersecurity Awareness Month 2021
Mike Miller
Today we’re talking about smishing. And fishing with Craig Taylor of cyber Who? Correct? Those are funny words, what are they? What do they mean?
Craig Taylor
I’m glad you asked. smishing and vishing are nothing more than another form of social engineering, of which you’re probably familiar with phishing, which is emails that come into your inbox from hackers trying to convince you to click a link, give your credentials or download and install a file, all of which gives hackers remote access to your network and your data. Well, vishing smishing are the same things. Only vishing stands for voicemail phishing, or vishing. smishing is SMS or text message based social engineering attacks through your cell phone. So they’re the exact same attack on your business, but they happen to come through different mediums like voicemail systems, or text messages, they still represent a clear and present danger to your company.
Mike Miller
Okay, is there a good way to spot them?
Craig Taylor
Yes, as a matter of fact, that if you ask yourself, and first of all, in all things, social engineering, take a deep breath, when something’s not right. Give yourself a moment to make a good decision about what’s happening, whether it’s in your inbox, your voicemail, or a text message. A lot of times hackers will give you a sense of urgency like your accounts been compromised, or, and this can happen in any of these manners. And it makes you want to react and fix it quickly, because you’re so busy. But take a deep breath, and you’ll be fine and safe, you’ll make the right decision. vishing, smishing, and phishing all come unexpectedly to you.
No one ever told you, you’re going to be attacked tomorrow and watch out for it. It’s an unexpected receipt of a voicemail or a text message. There’s an urgency to it, there’s something wrong, that has to be fixed now. And oftentimes with phishing in your cell phone, you’ll get a text that’s too good to be true. You’ve won a prize and we’re sending you this wonderful TV, just click here to accept and send us your address. No, that is not there. You know, it’s too good to be true. Don’t trust it. They might not know your name. So it might be generically addressed. That’s another giveaway that you’re being fished, vicious or smashed. Links are suspicious, take a look at the link. If it’s like a Samsung award ceremony, and it’s a link to some other website that doesn’t relate to Samsung, you’re probably being socially engineered, so don’t trust it.
Mike Miller
And what what do you do if you go this? This looks sketchy?
Craig Taylor
So you’ve taken that deep breath and you’ve said this is sketchy. I don’t want to be fooled by this report. smishing vishing to your IT team within your company, that’s probably the best thing you can do. Because they might be able to send out an alert to others, maybe someone else reported it. And it’s being a targeted attack on people in your company. It’s good to share information. The more you know, the safer you are. Never reply to a smishing vishing attack simply deleted. The worst that could happen is they send it to you again and it’s legitimate at work. If that’s the case, if you say well, this just looks really legit. Call the person don’t use the phone number that’s in the Vish or this smish or the phishing attack. Look up the number in your own phone or on their website, call them and say hey, did is this legitimate what you’re sending me here because I just don’t feel it doesn’t feel right. Making that phone call could save you from compromising your entire company. So remember, that’s your call to action. Take a deep breath. Never believe in something that’s too good to be true. know the signs of a of an attack and report it to your IT Team.
