These confusing terms may sound like they belong in a Dr Seuss book but they are means that cyber criminals use to obtain sensitive information which would be used for personal gain.

Target information:

  • Full name
  • User name(s)
  • Email address
  • Address
  • Date of Birth
  • Social Security Number (US only)
  • Credit/Debit card details
  • Passwords, Access codes and PINs
  • Mother’s maiden name
  • Place of birth or other common password retrieval question

 

Phishing is a scam which targets victims via email where individuals are encouraged to click through to fraudulent sites, give personal information about themselves or even send money. The scams vary widely but a majority of them are fairly easy to spot. Other variations of phishing are spear phishing and whaling, they are both targeted forms of phishing in which managers, directors and CEO’s are the objective.

What to look out for:

  • Do you know the sender of the email? If not, do not open and do not click on any internal links. If you do, still be cautious.
  • Are there any unrequested/unexpected attachments? If so, do not open before contacting the sender via another means to verify contents.
  • Are there any grammatical errors or spelling mistakes? If so, be wary.
  • Does the email ask for personal information? If so, ignore it.
  • If you are associated with the business in question, are they addressing you by name?
  • Check any and all links by hovering the cursor over it to see the URL, will it take you to the expected website or a different one?

 

Vishing is when scammers contact you over the phone to extract personal information or trick you into giving access to your computer or accounts. This is a form of social engineering – an attempt to control social behaviour, fraudsters will impersonate a trusted company and leverage urgency to get victims to act quickly without thinking the situation through. A common scam: a person receives a call from Microsoft informing them that their computer has been compromised and that they must download software to solve the problem. The software is sent via email and if the file is opened malware will be downloaded onto their computer – the very thing they were trying to get rid of.

What to look out for:

  • Never give personal information over the phone to an unverified source. Companies like Microsoft will not contact you personally to warn you about malware, but would release frequent updates/patches to protect your machine from viruses.
  • If you received an unexpected request via email, text message or phone call to take some kind of action, the best course is to check the company’s details via their website and take any actions using those details.
  • If you are in any doubt about correspondence received, send it on to the customer service or security of the company in question to verify it.

 

Smishing is short for SMS phishing and it works much the same as phishing. Users are tricked into downloading a Trojan horse or virus onto their phones from an SMS text as opposed from an email onto their phone. Social engineering techniques are also used to leverage personal information and money from victims.

What to look out for:

  • Avoid clicking on links within text messages. It is even possible for scammers to piggy back onto existing message threads from trusted sources, like your bank. Double check all sources before sharing personal data or moving money if prompted to do so by text message.
  • Don’t respond to messages that request private or financial information from you.
  • Be wary of urgent messages that require immediate action, double check personally with your company with which you have an account before acting on any prompt. If it’s your bank, call the number on the back of your card.
  • Never call a phone number from an unidentified text.

 

Pharming scams use domain spoofing (in which the domain appears authentic) to redirect users to copies of popular websites where personal data like user names, passwords and financial information can be ‘farmed’ and collected for fraudulent use.

What to look out for:

  • Check the URL of any site that asks for any personal information. Ensure that the session begins at the known address of the site, without any additional characters.
  • Install a trusted anti-virus on your computer.
  • Do not disable or weaken your computer’s firewall also allow regular updates to further protect your machine.
  • Use a reliable and legitimate Internet Service Provider because significant security is needed at the ISP level as a first line of defence against pharming.

what is phishing smishing vishing pharming infographic

Further Reading:

How Scammers Monetise Stolen Credit Card Data: Infographic

What’s Your Weakest Link in Cyber Security? Infographic

How Managed IT Services is a Game Changer for Your Business