Phishing, Smishing and Vishing in 2014
In an age where mobile devices have overtaken PCs in usage, we must know how to protect ourselves from phishing, smishing and vishing attacks. We do not want to compromise our social security or have our privacy threatened over the internet, and it is important to know that mobile device users are more vulnerable because they are out in public and less careful about their private information than most PC users.
Phishing is a type of social engineering attack whose main goal is to obtain personal information, credit card credentials and social security numbers through different attack methods. The attacker attempts to gather sensitive user information, such as usernames, passwords, or credit card details, by posing as a legitimate entity in electronic communication. Phishing attacks are typically carried out by spoofing a legitimate website or email, which directs the user to provide details to the fake website or email.
Smishing and vishing attacks are carried out by sending fake SMS to lure the user into providing confidential information. In a smishing attack, cyber criminals generally send the user a fake SMS that tricks the user into providing that information via a fake website linked in the SMS. Usually the smishing message tells the user that something has happened to the user's bank account and that immediate action needs to be taken on the account, asking the user to change the account user ID and password. This leads the user to the fake website to provide sensitive information such as social security numbers and credit card details.
In a vishing attack, the cyber criminal sends the user a voicemail while posing as a representative of an organization. Users are prompted to call back immediately or send some important information regarding bank accounts in order to carry out some process to resolve a situation. Some attackers may not even send a voicemail. They will call an individual directly and attempt to trick them into providing the confidential information.
Countermeasures to phishing attacks include the following:
- Be skeptical of e-mails indicating you must make changes to your accounts, or warnings stating an account will be terminated if you don't perform some online activity.
- Call the legitimate company to find out if this is a fraudulent message.
- Review the address bar to see if the domain name is correct.
- When submitting any type of financial information or credential data, an SSL connection should be set up, which is indicated in the address bar (https://) and by a closed-padlock icon in the browser at the bottom-right corner.
- Do not click an HTML link within an e-mail. Type the URL out manually instead.
- Do not accept e-mail in HTML format.
- If an e-mail has an attachment with one of the following extensions: .pif, .pl, .php, .exe, .bat, .com, .vbs, .reg, .msi, and the message is suspicious, do not click on the attachment, because there could be a Trojan or virus wrapped behind the extension. Even if the file does not have one of the above extensions, be cautious about opening it. Contact the sender to verify its contents.
- Some attacks use pop-up forms when a victim is at a legitimate site. So if you were at your bank's actual web site and a pop-up window appeared asking you for some sensitive information, this probably wouldn't worry you, since you were communicating with your actual bank's web site. You may believe the window came from your bank's web server, so you fill it out as instructed.
- Most of the time, people become victims of cyber attacks due to a lack of awareness. We need to learn about the security risks of mobile apps and implement security controls for better protection. Users must learn about the privacy policies of mobile banking apps before downloading them, because self-awareness is key to preventing such an attack on our end.
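Several of the checks in the list above can be automated on the receiving side. The following is an added example, not part of the original post: a small Python triage function that flags attachments with the extensions listed above, HTML bodies, non-https links, and links whose visible text shows a different host than the real target. The function name, the sample message and its `.example` domains are constructed for illustration.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Extensions listed in the attachment countermeasure above.
RISKY_EXT = (".pif", ".pl", ".php", ".exe", ".bat", ".com", ".vbs", ".reg", ".msi")
ANCHOR = re.compile(r'<a\s[^>]*href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)

def audit_message(raw: str) -> list[str]:
    """Return phishing-related findings for one raw e-mail message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"risky attachment: {name}")
        if part.get_content_type() == "text/html" and not name:
            findings.append("html body present")
            for href, text in ANCHOR.findall(part.get_content()):
                target = (urlparse(href).hostname or "").lower()
                if urlparse(href).scheme != "https":
                    findings.append(f"non-https link: {href}")
                # Visible text that looks like a host but differs from the real target.
                shown = re.search(r"[a-z0-9.-]+\.[a-z]{2,}", text.lower())
                if shown and shown.group(0) != target:
                    findings.append(f"link text {shown.group(0)} points to {target}")
    return findings

# Constructed sample message (not real traffic); all domains are reserved example names.
SAMPLE = """\
From: "Bank Support" <support@bank.example>
Subject: Your account will be terminated
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Confirm now: <a href="http://accounts-verify.example/reset">www.bank.example</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="statement.pdf.exe"

AAAA
--b1--
"""

if __name__ == "__main__":
    print("\n".join(audit_message(SAMPLE)))
```

A double extension such as `statement.pdf.exe` is caught because only the final suffix is compared against the list.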