Phishing, Vishing, and Smishing—Your Employees Need to Know the Newest Schemes

Robinson+Cole Data Privacy + Security Insider
Contact

New dictionary words have been formed to describe online scams. Phishing, one that everyone knows by now, is when a scammer uses a pretext in an email to get someone to click on a link or attachment in the email to deploy malicious malware and ransomware.

Social engineering is when criminals conduct online search of individuals and companies by looking at Facebook and LinkedIn profiles and through Google searches to find out as much as possible about a company and its employees and develop a dossier on the company to launch a phishing, vishing or smishing scam.

Vishing can occur, for example, when a criminal buys a similar domain to a company domain, then adds some security terms to make it look like they are from the IT department of the company and calls an employee, tells them a story about how they need to update the VPN or add additional security measures, sends the employee an email from the fake company email address and while they are on the phone with the employee, convinces the employee to put their user name and password into the pop-up, now allowing the criminal full access to the employee’s account.

And smishing (it’s so new that spell check doesn’t recognize it) is when the scammers use a text (SMS messaging) as the ruse instead of an email or a telephone call.

People tend to trust text messages more than emails. They also read them more frequently and faster than emails. Scammers are using old techniques with new technology to get people to click on embedded links to introduce malicious malware into individuals’ phones or to give up personal or corporate credentials. Now the scam is using text messages.

This should be concerning for IT professionals since so many employees use their personal phones for work. Even though the employees are being targeted on their personal phones, the smishing scams can be a threat to corporate security. IT professionals may wish to add smishing as a technique when providing security training to employees so they are aware of the latest techniques used by criminals.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.