Phishing, smishing and vishing: how to avoid online scams at work

The damage caused by cybercrime is expected to cost the world $6 trillion every year by 2021.

Vigilance is therefore very importance, but with 62% of data breaches resulting from human error, there’s clearly some work to be done.

In this post, we’re going to highlight three of the most common online scams and explain how you can avoid falling foul of them in the workplace. 

Phishing

How it works

Phishing uses social engineering techniques to obtain sensitive information from individuals.

The goal of the attacker may be to obtain usernames, passwords or financial data, and they do so typically by sending emails that appear to be from reliable sources.

Phishing emails vary in ‘quality’ but those that pull off the trick effectively will look very much like messages sent from well-known businesses.

For instance, an email purporting to be from Apple may ask you to click a link in order to confirm your account details. Beyond that click will lie a webpage built by hackers which again looks like an official Apple webpage.

Enter your username and password into such a page, however, and the information will be immediately captured by the hackers.

How you and your colleagues can avoid becoming a victim

• Think before clicking. Your bank will never ask for your details over email. Many companies would never ask you to confirm your password via email. If something looks fishy, it probably is.
• Check the sender address. Unsophisticated phishing attacks will most likely feature suspect email addresses from which they have been sent.
• Keep everything up-to-date. Operating system vendors and email client providers work hard to fight against phishing. Make that hard work count by updating your software at every opportunity (unless your IT department does it for you).

Smishing (SMS Phishing)

How it works

Ninety percent of text messages are opened within fifteen minutes of being received.

For hackers, such engagement is gold dust, which explains the prevalence of ‘smishing’.

Arriving as text messages, smishing attacks attempt to obtain personal information. They usually elicit a sense of urgency by suggesting something bad will happen if you don’t click a link or call a specific number.

How you and your colleagues can avoid becoming a victim

• If you receive a text message from a number you don’t recognise containing a link or telephone number to call, delete it.
• If a message arrives that is apparently from your bank, call them on an official number to check its validity.
• If a text message urges you to do something immediately, stop and think. Remember - criminals prey on fear.

Vishing

How it works

Short for ‘VoIP phishing’, vishing is an electronic fraud tactic where criminals trick people into revealing personal or financial information.

They’re usually conducted via VoIP (voice over IP), landlines or mobile networks, with hackers using social engineering techniques to force you into believing they’re from a reputable entity.

Fictitious license revocations, arrests and accidents are the most common vishing scams and rely on high levels of persuasion on behalf of the scammer.

How you and your colleagues can avoid becoming a victim

• Never divulge any sensitive information over the phone unless you made the call to an official number.
• If an unknown caller makes you feel uncomfortable, hang up.
• Avoid getting into conversations with unknown people on the phone; it’s easy to get caught up in a persuasive conversation conducted by a scammer.

The takeaway is simple; never divulge anything to someone you don’t know, regardless of where they purport to be from or how convincing their story.

Hackers will continue to evolve and use increasingly sophisticated techniques to obtain personal data, but one fact will remain: reputable business or bank will never contact you unannounced to ask for personal data.