Fraudsters are lurking everywhere, sometimes even in plain sight if you know what to look for. Some hacker-favorite tactics include vishing and phishing. Not sure what these odd words mean? Here’s a quick IT vocab lesson.
the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers
the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers
Simply put, vishing and phishing are ways hackers openly request sensitive information in sneaky ways. We at Liberty want to arm you with some insight into their most common methods, to help you and your data stay safe.
Hackers making vishing attempts like to single out departments in your organization such as the help desk, HR, sales and PR because these departments all have direct contact with clients and others outside the organization.
Vishing phone calls typically use a spoofed caller ID and VoIP technology. It may be a number you know, a local number, or an 800-number. Their tactics include posing as government agencies, banks, or credit card companies to name a few. They commonly claim that your account or information has been compromised, there has been fraudulent activity on your account, or you owe the IRS. After using these tactics to instill fear, they will request that you confirm personal information such as your SSN or credit card information.
The success of vishing relies on allowing no time for the recipient of the call to really process what the person on the other end of the phone is asking, and therefore can cause the target to reveal personal/sensitive information before they realize they are being scammed. To avoid this happening to you, go straight to the source. Hang up. Then look up the number to the organization/company that the caller claimed to represent and contact them directly to confirm whether or not the information you were told on the suspicious call is true.
Hackers using phishing tactics are looking to uncover the same personal information, via emails. They lure you in, again, with a sense of urgency and include a link that will request that you enter sensitive information. There are two ways a phishing email could be delivered to your inbox. First, it could be a blast email that was sent to millions. Or second, it could be a simple email that looks legitimate enough to gain your trust. "Response Required" and "Unusual Activity Suspected" are a few subject lines that can identify a phishing attempt. After you respond, it is then followed up by a phishing email.
Some forms of phishing emails include infected attachments that, when opened, can cause malware to gain unauthorized access to your user accounts or machines that come in the form of infected attachments. Phishing scams are at the root of over 90% of successful hacks and data breaches, so it’s vital that you and your organization learn to recognize these schemes from the start. The best way to avoid user-end breaches and hacks are to implement the following best practices regarding phishing emails:
- Think before you click and avoid clicking on links that appear in random emails or direct messages
- Go directly to a company's site before following links through a suspicious email; were you expecting to receive this attachment or does it seem "out of the blue"?
- Keep your browser updated
- Use firewalls
- Be suspicious of pop-ups
- Check the sender and reply email addresses to verify correct spellings and domains; suspicious emails may come from addresses that are similar but slightly off from a legitimate company's spellings/domains
- Avoid using personal devices or logging into personal accounts on your company network
Vishing and phishing are hackers’ attempts at going straight to the source that has all the info they need, you. Knowing how to recognize them and their tactics is the best defense line to keep your personal and company data protected.
To learn about more ways to protect your data, reach out to us at firstname.lastname@example.org.