Have you ever received a mail, text, or link from your friend, colleague, or boss asking for a money transfer due to an emergency, or a link to a gift that is too good to be true?  

Ex: Click the link below I’ve ordered an iPhone 13 Pro Max for you! Message from a friend who still owes you 500 bucks. Messages like these mean you were a target for an attack. 

Cybercriminals use a variety of online scams to steal personal information, including phishing, vishing, and smishing, but this can be avoided with knowledge and proactive measures. But what exactly are they? 

Phishing. 

Cybercriminals often employ this technique the most. Customers are directed to a fake website that resembles their bank’s website by means of fraudulent emails. Fake fan pages on Facebook that post fraudulent content and ask users for private information may also cause this. 

Cybercriminals who engage in phishing frequently create false campaigns to update customer data or seek feedback participants in a grand prize that the bank purports to be hosting. Fraudulent websites ask for information like IDs, passwords for online banking, credit card numbers etc. 

Vishing  

The words phishing previously understood and “voice” when combined together create this term. It describes a threat where a fraudulent phone call is made using data that was previously obtained online 

There are two steps in this process. The cybercriminal first steals private information via email or a fake website (phishing), but in order to execute and validate an operation, they need the SMS password or digital passcode. Then the cybercriminal calls the client on the phone and poses as a bank employee. The cybercriminal tries to convince the victim to disclose the SMS password or digital passcode required to authorize transactions by sending high priority messages. 

Smishing. 

WhatsApp or text messages can be used, just like phone calls, to try to trick. This is where the term “smishing” originated. 

A customer is influenced when they receive a text message purporting to be from their bank informing them that a questionable purchase was made using their credit card. The text message provides a phony phone number and instructs the recipient to call their bank. When the customer picks up the phone again, the cybercriminal, posing as the bank, demands private information in order to cancel the transaction.  

The fact of the matter is that it is simple to defend against these attacks and their possible consequences. Only if you fall for the bait will the attack be damaging. You should keep in mind a few things to better defend yourself from these assaults. 

Tips To Recognize Phishing, Smishing, And Vishing by Their Common Features. 

1. Oh, so great offers: An offer that seems too good to be true or a warning of impending legal issues. Statements intended to immediately catch people’s attention are known as attention-getters. 
2. Urgent call to action or threats – Be suspicious of emails that claim you must click, call, or open an attachment immediately. Often, they’ll claim you have to act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams.  
3. Spelling and bad grammar – Professional companies and organizations usually have an editorial staff to ensure customers get high-quality, professional content. If an email message has obvious spelling or grammatical errors, it might be a scam. These errors are sometimes the result of awkward translation from a foreign language, and sometimes they’re deliberate in an attempt to evade filters that try to block these attacks. 
4. Mismatched email domains – If the email claims to be from a reputable company, like your bank, or the company you work for, but the email is being sent from another email domain like Gmail.com, or microsoftsupport.ru it’s probably a scam. Also, be watchful for very subtle misspellings of the legitimate domain name.  
5. Suspicious links or unexpected attachments – If you suspect that an email message is a scam, don’t open any links or attachments that you see. Instead, hover your mouse over, but don’t click on the link. 

Plan of action when you receive such mails/calls/texts: 

1. Never click any links or attachments in suspicious emails. If you receive a suspicious message from an organization and worry the message could be legitimate, go to your web browser and open a new tab. Then go to the organization’s website from your own saved favorite, and find the organization’s official website. Verify it. 
2. If the suspicious message appears to come from a person you know, contact that person via some other means such as a text message or phone call to confirm it. 
3. Report the message. 
4. Delete it. 

Steps to take if you think you’ve fallen prey to such attacks:  

If you’re suspicious that you may have inadvertently fallen for a phishing attack, don’t panic. There are a few things you should do.  

1. While it’s fresh in your mind, write down as many details of the attack as you can recall. In particular try to note any information such as usernames, account numbers, or passwords you may have shared. 
2. Immediately change the passwords on those affected accounts, and anywhere else that you might use the same password. While you’re changing passwords you should create unique passwords for each account, and you might want to see Create and use strong passwords. 
3. Confirm that you have multi factor authentication (also known as two-step verification) turned on for every account you can.  
4. If this attack affects your work or account, you should notify the IT support folks of the possible attack. If you share information about your credit cards or bank accounts you may want to contact those companies as well to alert them to possible fraud. 
5. If you’ve lost money or been the victim of identity theft, report it to local law enforcement.  

Become Aware and Stay Secure!