PVS (Phishing, Vishing, Smishing)

June 28, 2020 | Study Time

Hello and thank you for visiting my blog. There’s something I haven’t told a lot of people. In my country of birth, I am the first son of the king, making me next in line to be king. But I am in need of some help. My money is tied up in some infrastructure projects in my country. If you loan me $100, I would be able to access that money and once my money frees up, I will reward you with $10,000.

To me, this sounds too good to be true, but many people have fallen for scams of this ilk. Many have seen their savings depleted. You might have heard of this category of long-running scams or at the very least seen its memes. According to the Better Business Bureau (BBB), “Nigerian letter scams, these "fund transfer" frauds reach intended victims by fax, letter or email. The sender, who claims to be a government official or member of a royal family, requests assistance in transferring millions of dollars of excess money out of Nigeria and promises to pay the person for his or her help. The message is always of an “urgent, private” nature.”

This scam and others of similar fashion are categorized as phishing. Phishing is an attempt to trick a person into divulging sensitive information to criminals. Check your junk mail and you’ll probably see a ton of them. Multiple variants of phishing are being employed to take advantage of the unsuspecting.

Vishing (Voice Phishing), as the name might suggest, is similar to phishing, but the phone is the medium attackers use to obtain information. A Krebs on Security article (link below) I read involved a man being scammed into giving his bank PIN to a convincing scammer. In the article, the scammer posed as a bank warning of possible fraud. With well-rehearsed lines for different ways the conversation could turn, the scammer was able to obtain the victim’s ATM PIN, 3-digit security code, and his mother’s maiden name.

Smishing (SMS Phishing) is another technique criminals use that involves SMS/text messages. These text messages most likely ask you to click on a URL included in the message or to reply to it. I’ve mostly seen these referencing issues with a bank account.

These threats are very real and are becoming more prevalent. We all have to be on the lookout for signs of these attacks taking place. Here are some things to look out for when checking emails, talking on the phone, and checking your texts:

Phishing

When I get an email, be it on my work account or my personal account, I always look at the sender. Is the domain a whole bunch of nonsense or is it from a reputable organization? I’ll use Chase as an example. If I see an email from support@chase.com, I am more likely to believe it is legitimate. However, if the email address is something like suport@chase.bank.com, I would be careful.

Phishing emails also have a sense of urgency. Examples include winning something and having to claim your prize now, or an emergency where you must click a link to address the issue.

While phishing is becoming better thought out, there are still plenty of emails that look like they haven’t been proofread. Be on the lookout for bad grammar and misspelled words.

Vishing + Smishing

I paired these two together because they are both related to the core functionality of your phone. If you are being contacted by an unknown number, always switch into suspicious mode. When speaking with this unknown person, let them prove their identity. Don’t be fooled if they know some information about you. If you’ve ever used social media, there is a good chance the most basic information about you is available. Don’t provide any information until you’re 100% confident in the person you are speaking with.

If you receive an unsolicited SMS message containing a link, never click it. When I get these messages, I usually go into airplane mode (to avoid accidentally clicking it), copy the link, and use Google’s VirusTotal (virustotal.com) to check whether the link is malicious. When I do this, it is because I am curious, but the safe bet would be to delete the message. Even if the message says to text STOP to no longer receive messages, don’t do it. Delete.

If you are concerned and having a hard time determining if a message or call is legit, call the support line of the company that is reaching out to you. Let them know you just received a call/message and would like to verify its legitimacy. This way you know that you are speaking with a representative from the establishment. This method can take up a few more minutes of your time, but those few minutes can help you avoid having to change your bank account or having to deal with a compromised account.

The Anti-Phishing Working Group’s (APWG) ‘Activity Trends Report’ shows phishing has been increasing. The report published in November 2019 showed levels of phishing not seen since 2016. I would wager levels have only increased due to COVID-19 themed attacks. As we continue to spend hours a day on our phones and checking our emails, we must be vigilant. Teach other people in your family what signs to look out for and hopefully, we can all reduce the number of phishing attempts in the next APWG report.

BBB - https://www.bbb.org/new-…
Krebs on Security - https://krebsonsecurity.…
APWG - https://docs.apwg.org/re…
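
The sender check from the Phishing section above, as an added example that is not part of the original post: it reads a From: header and shows why suport@chase.bank.com is not a chase.com address, since a domain is read from the right. The trusted-domain set, the brand list and the function names are assumptions made for this illustration.

```python
from email.utils import parseaddr

# Assumption for this example: the only domain the real sender uses.
TRUSTED_DOMAINS = {"chase.com"}
# Assumption: brand words that should only appear on mail from a trusted domain.
BRAND_WORDS = {"chase"}


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From: header."""
    _display, address = parseaddr(from_header)
    if address.count("@") != 1:
        return ""
    return address.rsplit("@", 1)[1].lower().rstrip(".")


def is_trusted(domain: str) -> bool:
    """True only for a trusted domain or a subdomain of one.

    The match is anchored on the right-hand side of the name:
    'mail.chase.com' passes, 'chase.bank.com' and 'notchase.com' do not.
    """
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify_sender(from_header: str) -> str:
    """Classify a From: header as 'trusted', 'lookalike' or 'unknown'."""
    display, _address = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    if is_trusted(domain):
        return "trusted"
    # The brand shows up in a domain label or the display name,
    # but the domain itself belongs to someone else.
    in_labels = any(b in label for b in BRAND_WORDS for label in domain.split("."))
    in_display = any(b in display.lower() for b in BRAND_WORDS)
    return "lookalike" if (in_labels or in_display) else "unknown"


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ("support@chase.com",
                   "suport@chase.bank.com",
                   "Chase Support <alerts@secure-mail.example>",
                   "newsletter@example.org"):
        print(f"{header!r:50} -> {classify_sender(header)}")
```

This compares only the address the message displays; it does not prove the message really came from that domain.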