September 17, 2020
How to Identify and Avoid Vishing and Smishing Attacks
You likely have heard of phishing attacks, a type of social engineering scheme that tricks victims into clicking email links infected with malware, or into giving sensitive information to cybercriminals posing as a credible contact.
Sophisticated attackers use a variety of tactics to gain and exploit users’ sensitive information beyond phishing emails. Other social engineering schemes include vishing and smishing; these schemes are becoming more common among employees who use personal devices for work. Fortunately, there are steps your organization can take to remain aware and be vigilant about evolving social engineering attack risks.
WHAT ARE VISHING AND SMISHING ATTACKS?
Vishing is a type of social engineering attack that relies on users providing sensitive information over the phone. Bad actors can orchestrate these schemes by spoofing phone numbers to make incoming calls appear to be from credible vendors or agencies.
Smishing attacks occur via SMS, or text, messages. The messages may contain links to malicious sites or instruct victims to call a phone number in order to provide sensitive information.
TIPS FOR SPOTTING VISHING AND SMISHING ATTACKS
As cybercriminals become more advanced and their methods of attack become more complex, it is increasingly difficult for many to spot malicious requests. Below are typical red flags:
HOW TO PREVENT AND RESPOND TO ATTACKS
One of the biggest risks to your firm’s network security is human error. Training your firm’s network users to recognize, avoid, and report potential attacks can save your firm the financial, reputational, and security expenses of a data breach.
If your firm has questions about social engineering attacks, Fairview can help. We offer comprehensive on-going anti-phishing training and will help your firm draft and implement policies and procedures to keep your network safe and respond to potential threats. Contact us today for more information about what we can do for your firm.