Most of us have heard of the term phishing and have probably been attacked by it more than once. Phishing is attempting to acquire information from users while posing as a trustworthy individual in an electronic communication. “Phishing” generally refers to attacks in your email inbox, but there are three others to know of: vishing, smishing, and whaling.
“Vishing” is a phishing attack on your VoIP (voice over IP) phone. If you don’t have a VoIP phone then you are not at risk, as land lines are not susceptible to this kind of attack. Like phising, a message sent to a thousand possible emails, vishing is sent to a thousand possible VoIP phones. Vishing happens when victims receive voice messages asking to contact their bank about fraudulent bank account activity. The attack is successful when users call the number and are then prompted by voice commands to enter personal information, or they are connected with someone appearing to be a bank representative. Providing information can then lead to stolen credit card numbers, or full-on identity theft.
“Smishing” is a phishing attack on your mobile phone via text messaging or Short Message Service (SMS) messaging. Same concept as above, text messages are sent to your phone asking you to go to a website or call a number where you are met by someone attempting to steal your personal and critical information.
Finally, “whaling” is a specified attack on senior business leaders. These attacks are more specific, as scammers are doing their homework and compiling business email addresses, job titles, direct telephone numbers, and reporting employee names of business executives and compiling direct attacks over email. Executives are prone to fall to these attacks as the information in the emails leads them to believe the messages are legit. The email message may contain and attachment or point executives to a website, where once clicked, a program is downloaded to the user’s PC and confidential information is then compromised. This attack is a little different as the scammers are not only interested in obtaining personal information on the user, but are also after confidential and proprietary information of the company.
A lot of successful phishing attacks go unreported because the victims don’t want to appear gullible enough to be stooped by these attacks. Sometimes we throw logic reason out the door and fall, even though we think we are too smart to do so. Continue to delete the emails, but also remember to delete the voicemails and the text messages. And remember, if you have a small suspicion that something isn’t right, it probably isn’t!
EarthLink IT Services offers numerous security services to protect against these attacks. Check out our security service product suite HERE!