CYBERSECURITY - SMiShing: Robotext Scams on the Rise
Monday, October 24, 2022 – Week 4 of CyberSecurity Awareness Month
The Federal Communications Commission (FCC) warned of a
rise in SMiShing attacks sent via automated text messages in which robocallers
or robotexters use a sense of urgency and fear to get people to respond.
Complaints have included false but believable claims
about unpaid bills, package deliveries, financial accounts, or law enforcement
issues. Though some scammers are after your money, others are interested
in obtaining your personal information.
Multi-Step PayPal Phishing Scam
Hackers are now using invoices sent via PayPal.com to scam
recipients into calling a telephone number to dispute a pending charge. They
include a link at PayPal.com that displays an invoice for the fake transaction
stating there is a pending charge for hundreds of dollars.
When the recipient calls the toll-free number provided to
refute the transaction, they are asked to download software that
enables scammers to assume control of their computer remotely. In addition to
stealing your personal information, hijackers use your computer to attack
Phishing is the #1 Way to Breach a
Cybercriminals combine simple methods to conduct
multi-step phishing scams by creating a pretext or fake scenario to build trust,
e.g., sending a text message about financial fraud as a pretext to vishing.
Let’s review the different types of phishing methods:
Social Engineering - method for compromising businesses. All it takes is one click for a cybercriminal to gain access.
Spear Phishing - targets a recipient and includes personal or professional details to boost credibility.
Angler Phishing - practice of masquerading as a customer service account on social media with the intention of reaching a disgruntled customer.
Angler phishing attacks target customers of financial institutions with the intention of luring targets into handing over access to their personal data or account credentials.
Whaling - a highly targeted attack of someone in a powerful position typically focused on senior leadership.
Business Email Compromise (BEC) - Cybercriminals impersonate company executives to trick employees into sending confidential information or wire transfers to bank accounts controlled by criminals.
SMiShing - sending a fraudulent text message requesting sensitive information or including a malicious link.
Vishing - fraudulent phone call or voice mail message from an allegedly reputable organization with the intent of obtaining personal information. Tech scams, such as unsolicited calls from someone purporting to be Microsoft, are a frequent ruse.
Consent Phishing - tricks people into granting a malicious app access to sensitive data stored in the cloud.
Visually Deceptive Phishing - attacks using visually similar characters or shapes to spoof legitimate websites or email addresses.
Security Best Practices: Tips and Tricks for You
§ NEVER click on links in emails or text messages.
§ ALWAYS open a new browser and type in the website address.
§ Be suspicious of all unsolicited emails and text messages at home and work.
§ Do not respond to texts from unknown telephone numbers or that appear suspicious – even if the message requests that you “text STOP” to end messages.
§ Update your smart device operating system and security apps.
§ Install anti-malware software.
§ Review text blocking tools in your mobile phone settings, available third-party apps, and mobile phone carrier’s offerings.
§ Check app names, website addresses, and email addresses. Be aware that they are sometimes slightly modified to look legitimate and often redirect people to malicious websites.
§ Note that the most impersonated brands are Microsoft, Facebook, Netflix, Amazon, Comcast, PayPal, Wells Fargo, Chase, and LinkedIn.
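For teams that want to automate the "check website addresses" tip and the visually deceptive phishing case described above, the following is an added example (not part of the original bulletin) that flags hostnames resembling the impersonated brands listed here. The confusables table, the sample hostnames, and the function names are constructed for illustration, and the input is assumed to be the Unicode form of the hostname.

```python
import unicodedata

# Brand list from the bulletin; "wellsfargo" written as it appears in a hostname.
BRANDS = ["microsoft", "facebook", "netflix", "amazon", "comcast",
          "paypal", "wellsfargo", "chase", "linkedin"]
# Constructed, deliberately small confusables table (not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s",
               "\u0430": "a", "\u0435": "e", "\u043e": "o",
               "\u0440": "p", "\u0441": "c", "\u0456": "i"}
MIN_FUZZY_LEN = 6  # short names like "chase" collide with real words ("purchase")
# Constructed sample hostnames for illustration, not real indicators.
SAMPLES = ["paypal.com", "paypa1.com", "rnicrosoft.com", "netfliix.com", "example.org"]

def skeleton(label):
    """Fold a hostname label to the form a hurried reader would perceive."""
    text = unicodedata.normalize("NFKD", label.lower())
    text = "".join(CONFUSABLES.get(c, c) for c in text if not unicodedata.combining(c))
    return text.replace("rn", "m").replace("vv", "w").replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_domain(domain):
    """Return (verdict, brand). Assumes the registrable name is the label
    before the TLD; a production check would use the Public Suffix List.
    "exact" only means the label equals a brand; the TLD is not validated."""
    labels = domain.lower().rstrip(".").split(".")
    name = labels[-2] if len(labels) >= 2 else labels[0]
    if name in BRANDS:
        return ("exact", name)
    skel = skeleton(name)
    for brand in BRANDS:
        if skel == brand:
            return ("lookalike", brand)       # differs only by confusable characters
        if len(brand) >= MIN_FUZZY_LEN:
            if brand in skel:
                return ("embeds-brand", brand)  # e.g. brand plus "support"
            if edit_distance(skel, brand) == 1:
                return ("typo", brand)          # one inserted, dropped or swapped letter
    for label in labels[:-2]:
        if skeleton(label) in BRANDS:
            return ("brand-in-subdomain", skeleton(label))
    return ("no-match", None)
```

Any verdict other than "exact" or "no-match" is a reason to stop and type the known address into a new browser window instead of following the link.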
REMEMBER – DO YOUR PART, BE SECURITY SMART!
(Intact Specialty Solutions)