Vishing & Smishing: Old Ploy, New Tricks


Human beings have long been the weakest link in your cybersecurity chain. So it may not surprise you when experts say that up to 98% of all cyberattacks rely on social engineering—the dark art of inducing (then leveraging) predictable human responses to trick people into handing over sensitive information.

Ten years ago, research firm Gartner warned the world that “Social engineering is the single greatest security risk in the decade ahead.” Today, two such social ruses on the rise are vishing and smishing, dangerous variants of the widely rued phishing cyberattack. Vishing (shorthand for “voice phishing”) targets mobile users and those who use VoIP services.

Crooks sometimes use fake caller ID, and even unwitting call centers and answering services, to enable their scam. They impersonate legitimate companies or individuals, leaving bogus voicemail-callback requests. The goal, of course, is to fool victims into parting with credit card information, account sign-ups, birthdays or other highly personal data. The ploy’s destructiveness increased exponentially a while back when fraudsters (for the first time on record) used AI software to “deepfake” a company leader’s voice and dupe a subsidiary’s CEO into wiring their criminal surrogates a cool $243,000.

Then there’s smishing (SMS phishing), a mobile device assault that uses short message services or texting as its attack vector. Similar to email phishing scams, smishing messages often include a threat or enticement to click a link or call a number and give out sensitive information. They might also instruct users to install “security” or other software on a device, which is usually malware.

So, how can you and your employees avoid being victimized by social engineering? Always err on the side of caution. Teach your employees not to trust any type of message that asks for personal information and not to click on unsolicited links. And make sure to conduct regular cybersecurity training to keep awareness high and guard against the latest scams.

For best-practice-based support in any area of social engineering, including training, contact TeamLogic IT.