Our final installment!
Hello and welcome to our final installment of our how to spot a scammer series. This week we’re going to go over a few more types of phishing to stay on the lookout for.
You’ll notice that the three scams covered this week are all non-email versions of phishing. Many people are already wary of email messages, but may not be familiar with other common strategies.
The scams we’ll be going over today are Smishing (SMS phishing), Vishing (Voice/phone phishing), and Angler Phishing (Social Media phishing). Let’s take a closer look at each one.
What is Smishing?
Smishing is when a scammer reaches out to you via SMS messaging. This is something a lot of us have experienced at some point, but it’s important for employers to stay aware about this threat. This threat is especially important to talk about as more employees use company-provided smart phones.
How to stay safe from Smishing?
While smishing has a lot of crossover with other types of phishing, there are some SMS-specifc strategies for staying safe. Here’s a great checklist we found provided by the FCC on how to stay safe from SMS scams:
- Never click links, reply to text messages or call numbers you don’t recognize.
- Do not respond, even if the message requests that you “text STOP” to end messages.
- Delete all suspicious texts.
- Make sure your smart device OS and security apps are updated to the latest version.
- Consider installing anti-malware software on your device for added security.
- Protect any sensitive personal information – bank accounts, health records, social media accounts, etc. – by using multi-factor authentication to access it.
What is Vishing?
Another form of scamming that takes place over the phone is Vishing, which is short for “Voice Phishing.” This is where someone actually calls to speak to you, often leaving a voicemail message if you don’t pick up.
How to stay safe from Vishing?
The biggest challenge when it comes to vishing is often determining if the call is legitimate or not. While many calls obviously miss the mark, other scammers manage to come across as genuine.
A great tip on how to handle a call that may or may not be legitimate come to us from the University of Nebraska: “If you think it might be legitimate, ask for their name, look up the phone number for that institution or organization, call that number and ask for the person.”
We also recommend that employees should be reminded to report any suspicious work-related calls to their managers and I.T. team. This is a great way to help your organization stay alert to attacks.
What is Angler Phishing?
Angler phishing is a phishing attack done over social media. These days, many consumers connect with brands directly over apps like Instagram or X (formerly “Twitter”). Scammers are taking advantage of this and disguising themselves as brand representatives or business investors, among other strategies.
How to stay safe from Angler Phishing?
For business owners, the most compelling type of angler phishing scheme may be investment scams. This data comes to us from the FTC who reported that, “While online shopping scams have the highest number of reports, the largest share of dollar losses are to scams that use social media to promote fake investment opportunities.”
So next time you receive a message on LinkedIn or other social media profile, watch out for these clues to spot an angler phishing scam:
- Messages that create a sense of urgency. Scammers don’t want you taking any time to think so they often imply or explicitly state that you must act immediately.
- Being contacted by someone outside of your network. If you don’t know the person at all, it’s good to pause and question what their motivation for reaching out to you in particular is.
- Receiving an out-of-character message from someone inside your network. Scammers will often hack and hijack other users’ accounts to disguise themselves. If a message you receive from a known contact has other signs of being a scam, try reaching out to that contact via another channel. For example, call their office number or send them an email to verify that the message is legitimate.
- Requests for sensitive information from brands. Social media can be a great way to communicate with brands—these days many. Unfortunately, many scammers try to “swoop in” and respond as if they themselves are brand representatives. Watch out for requests for password or Two-Factor Authentication—brands will not ask for that information over social media.
That’s all, folks!
This brings us to the end of our series on spotting scams. We hope that it’s been informative and that you’ve gotten some tips that may help you stay safe from phishing attacks.
If you would like to discuss options for keeping your network devices safer, we encourage you to reach out to our I.T. consultants. You can call (818)-832-2310 or email support@islandtechnologies.net to get started.