Wednesday, April 1, 2009

Phishing, Smishing, Vishing

With all the hype about the April Fool virus "Conficker", it is time to know the names of some social engineering tactics. (Social engineering is the act of manipulating people into performing actions or divulging confidential information.)

Phishing: attempts to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity, typically by e-mail or instant messaging. It often directs users to enter details on a very authentic-looking website.

SMiShing (or Smishing): victims receive SMS (text) messages along these lines: "We're confirming you've signed up for our service. You will be charged $20 monthly unless you cancel your order on this URL: www.(site).com." When visiting the URL, victims are prompted to download a program which turns out to be a computer virus.

Vishing: a combination of voice and phishing, which allows for caller ID spoofing. Very hard to trace, vishing is typically used to steal credit card numbers or other information used in identity theft.

One example of how it might work is when a victim answers a call with an automated recording warning them that their credit card has had fraudulent activity. The message then instructs the person to call a phone number immediately. When they call the number, it is answered by automated instructions to enter their credit card or bank account number on the keypad. Once the account number is entered, the visher has all the information necessary to use the card.

Don't be fooled by phishing, smishing or vishing!
  • Never divulge personal or confidential information by e-mails, text messages or phone calls.
  • Don't click on links and URLs embedded in e-mails or text messages.
  • If you receive a call or e-mail directing you to act immediately, call the phone number on the back of your debit/credit card or statement.
Just a reminder.
