Tsaaro Weekly Privacy Newsletter
19th August, 2022

SMISHING, VISHING AND PHISHING: HOW TO PROTECT YOURSELF FROM IT.

Have you ever received a mail, text, or link from your friend, colleague, or boss asking for a money transfer due to an emergency, or a link to a gift that is too good to be true?  

Example: “Click the link below, I’ve ordered an iPhone 13 Pro Max for you!”, sent by a friend who still owes you 500 bucks. Messages like these mean you were a target for an attack. 

Cybercriminals use a variety of online scams to steal personal information, including phishing, vishing, and smishing, but these can be avoided with knowledge and proactive measures. But what exactly are they? 

Phishing. 

This is the technique cybercriminals employ most often. Fraudulent emails direct customers to a fake website that resembles their bank’s website. Fake fan pages on Facebook that post fraudulent content and ask users for private information are another route for the same attack. 

Cybercriminals who engage in phishing frequently create fake campaigns that ask customers to update their data, or that seek feedback or participants for a grand prize the bank is purportedly offering. The fraudulent websites ask for information such as IDs, online banking passwords, and credit card numbers. 

Vishing  

The term combines “voice” with “phishing”, explained above. It describes a threat where a fraudulent phone call is made using data that was previously obtained online. 

There are two steps in this process. The cybercriminal first steals private information via email or a fake website (phishing), but in order to execute and validate an operation, they need the SMS password or digital passcode. Then the cybercriminal calls the client on the phone and poses as a bank employee. The cybercriminal tries to convince the victim to disclose the SMS password or digital passcode required to authorize transactions by sending high priority messages. 

Smishing. 

WhatsApp or text messages can be used, just like phone calls, to try to trick people. This is where the term “smishing” originated. 

In a typical case, a customer receives a text message purporting to be from their bank, informing them that a questionable purchase was made using their credit card. The text message provides a phony phone number and instructs the recipient to call their bank. When the customer calls that number, the cybercriminal, posing as the bank, demands private information in order to cancel the transaction.  

The fact of the matter is that it is simple to defend against these attacks and their possible consequences. Only if you fall for the bait will the attack be damaging. You should keep in mind a few things to better defend yourself from these assaults. 

 

Tips To Recognize Phishing, Smishing, And Vishing by Their Common Features. 

  1. Oh-so-great offers – An offer that seems too good to be true, or a warning of impending legal issues. Statements like these, intended to immediately catch people’s attention, are known as attention-getters. 
  2. Urgent call to action or threats – Be suspicious of emails that claim you must click, call, or open an attachment immediately. Often, they’ll claim you have to act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams.  
  3. Spelling and bad grammar – Professional companies and organizations usually have an editorial staff to ensure customers get high-quality, professional content. If an email message has obvious spelling or grammatical errors, it might be a scam. These errors are sometimes the result of awkward translation from a foreign language, and sometimes they’re deliberate in an attempt to evade filters that try to block these attacks. 
  4. Mismatched email domains – If the email claims to be from a reputable company, like your bank or the company you work for, but is sent from another email domain such as Gmail.com or microsoftsupport.ru, it’s probably a scam. Also, be watchful for very subtle misspellings of the legitimate domain name.  
  5. Suspicious links or unexpected attachments – If you suspect that an email message is a scam, don’t open any links or attachments that you see. Instead, hover your mouse over the link, without clicking, to see where it actually leads. 
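
The mismatched-domain tip (item 4) can be automated for a mailbox you administer. The sketch below is an added example, not part of the newsletter: the `TRUSTED` allow-list, the domain `examplebank.example` and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> domains that brand really sends from.
# "examplebank.example" is a constructed placeholder domain.
TRUSTED = {
    "examplebank": {"examplebank.example"},
    "microsoft": {"microsoft.com"},
}

def edit_distance(a, b):
    """Levenshtein distance, used to spot subtle misspellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Classify a From: header as 'ok', 'lookalike', 'mismatch' or 'unknown'."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    claimed = "".join(name.lower().split())  # display name without spaces
    verdict = "unknown"
    for brand, domains in TRUSTED.items():
        if any(domain == d or domain.endswith("." + d) for d in domains):
            verdict = "ok"  # genuine domain, or a subdomain of it
        elif any(edit_distance(domain, d) <= 2 for d in domains):
            return "lookalike"  # e.g. a digit 1 in place of the letter l
        elif brand in claimed or brand in domain:
            return "mismatch"   # brand is named, but the domain is not theirs
    return verdict

if __name__ == "__main__":
    # Constructed sample headers
    for header in ("Example Bank <alerts@examplebank.example>",
                   "Example Bank <alerts@gmail.com>",
                   "Example Bank <alerts@examp1ebank.example>",
                   "Microsoft Support <help@microsoftsupport.ru>"):
        print(f"{check_sender(header):9}  {header}")
```

A "lookalike" or "mismatch" verdict is a reason to verify the sender through another channel, as described in the plan of action that follows; an "ok" verdict does not prove the message is genuine, because the From header itself can be forged.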

Plan of action when you receive such mails/calls/texts: 

  1. Never click any links or attachments in suspicious emails. If you receive a suspicious message from an organization and worry the message could be legitimate, go to your web browser and open a new tab. Then go to the organization’s official website from your own saved favorite, and verify the message there. 
  2. If the suspicious message appears to come from a person you know, contact that person via some other means such as a text message or phone call to confirm it. 
  3. Report the message. 
  4. Delete it. 

Steps to take if you think you’ve fallen prey to such attacks:  

If you’re suspicious that you may have inadvertently fallen for a phishing attack, don’t panic. There are a few things you should do.  

  1. While it’s fresh in your mind, write down as many details of the attack as you can recall. In particular try to note any information such as usernames, account numbers, or passwords you may have shared. 
  2. Immediately change the passwords on those affected accounts, and anywhere else that you might use the same password. While you’re changing passwords, you should create unique passwords for each account, and you might want to see “Create and use strong passwords”. 
  3. Confirm that you have multi-factor authentication (also known as two-step verification) turned on for every account you can.  
  4. If this attack affects your work or account, you should notify the IT support folks of the possible attack. If you shared information about your credit cards or bank accounts, you may want to contact those companies as well to alert them to possible fraud. 
  5. If you’ve lost money or been the victim of identity theft, report it to local law enforcement.  

Become Aware and Stay Secure! 

Major Privacy Updates of the Week

Signal users' phone numbers exposed in major Twilio hack

Encrypted chat service Signal is reporting that 1,900 users may have had their phone numbers leaked due to hackers breaching Twilio, a service provider for the messaging app.  As a result, Signal is contacting the 1,900 affected users about the potential data exposure via an SMS message. Vulnerable users will also be required to re-register the Signal app on their smartphones.

Ransomware attack costs HanesBrands $100 million in net sales

HanesBrands suffered a ransomware attack which left it partially unable to fulfill customer orders for three weeks, costing the company $100 million in net sales. HanesBrands, an American multinational clothing company, has released its second-quarter results, which indicate a hit it took as a result of a ransomware attack.

Google LLC to pay $60 million for misleading Australian users about collection Location Data

Google has agreed to pay $60 million in penalties flowing from a long-running court fight with the Australian competition watchdog over the tech giant misleading users on the collection of personal location data. In April last year, the Federal Court of Australia found Google breached consumer laws by misleading some local users into thinking the company was not collecting personal data about their location via mobile devices with Android operating systems. 

UK Drinking Water Supplier Hit with Clop Ransomware

The UK water supplier South Staffordshire PLC (the parent company of South Staffs Water and Cambridge Water) with over a million customers was hit by a “criminal cyberattack.” According to South Staffordshire PLC’s statement, the incident did not affect its ability to supply safe water, and the supplier continues to serve its Cambridge Water and South Staffs Water customers. 

Microsoft Disrupts Russian Group's Multiyear Cyber-Espionage Campaign

Microsoft’s Threat Intelligence Center (MSTIC) has taken steps to disrupt the operations of “Seaborgium,” a Russia-based threat actor that has been involved in persistent spear-phishing and credential-theft campaigns aimed at organizations and individuals in NATO countries since at least 2017.

Curated by: Prajwala D Dinesh, Ritwik Tiwari, Ayush Sahay
