In a previous post, we covered Phishing and Spear Phishing. Another trend to be watchful for is a variation of these over mobile platforms. The concepts of “Smishing” and “Vishing” are targeted at mobile electronic devices and work in the same manner as phishing tactics.
Smishing is an attempt to trick a victim into providing personal and sensitive information from a smartphone. The tactic is to send an alarming Short Message Service (SMS) text informing the intended victim that there is a problem with their account. Often, a link to a website is included for “convenience”. Once the victim has transitioned from the messaging service to a mobile browser, the hackers attempt to collect information that might not be normally given. These campaigns are particularly tricky because link checking is not as easy to perform on mobile devices.
Another complication with Smishing tactics is the increasing use of SMS temporary codes used with Multi-Factor Authentication (MFA). One of the best defenses with any SMS text message is to scrutinize the sender. If the message appears to be sent from an unusual or even unknown sender, the appropriate action is to delete the message and avoid clicking or interacting with the link sent. True MFA temporary codes and messages should provide information only, never a link to a website.
Vishing is an attempt to trick a victim into providing personal and sensitive information over a voice interactive system. Voice recognition software has led in recent years to an expanding use of voice activated data entry systems. Like any technology in use, hackers have embraced the voice activated systems to help them engage in fraudulent activity. These systems are even harder to check for authenticity because there are no links to websites. Vishing tactics are employed to harvest information for use in other hacker attacks. Vishing can be conducted over mobile phones or the more traditional land lines. Not surprisingly, elderly populations are a targeted demographic for vishing.
Christoper Watson is an Information Technology professional with success in both public and private sector businesses. Technical and business experience is complimented with operational and strategic planning, international contracting work, leadership development and team building competency in challenging physical and political environments. Experience leverages strengths with technology services and providing timely and relevant information to senior executive leadership. Christopher is based out of the Oklahoma City office.