Last week you may have read an article detailing phishing. As we become more educated about phishing, a criminal activity in use since 1987, that attempts to fraudulently obtain sensitive information, such as your social security number, driver’s license, credit card, bank account information, or simply your log on name and passwords (credentials), we will also want to come up to speed on other terminology of frequently used tricks in the bad actor toolkit.
Vishing is the mash-up combination of voice and phishing that was seen as early as April 2006, a practice of using social engineering over the telephone. Someone calls you in an attempt to sweet talk you or threaten you or speak in official sounding terms in order to gain information you wouldn’t normally give out. Again, these are bad actors trying to obtain your sensitive data, as listed above.
A common theme in these attacks is the use of social engineering. The bad actors have done their research before ever having reached out to you. For example, if they want your bank account information, they will already know who you bank with; they may even have obtained your contact information from the bank itself. These bad actors are very intelligent and have had a lot of practice at deceiving people.
Pharming, the lesser of the known attack types that’s been around since January 2005, is just as effective at wreaking havoc. This is a method where a bad actor will load malicious software on to your computer. In today’s day and age, a person need not sit in front of your computer to load software on to it. You may receive a phone call from someone pretending to be tech support and they may ask you to visit a web site and click on a link. Or, you may click on a link in an email for whatever reason. However once you do, the software is loading and the bad actor may have access to your computer and everything on it and they can track every key you press on your keyboard too perhaps.
There are also bad websites out there, you may find yourself looking to see what happened to the Malaysian Flight and click on a link informing you they found the flight. This is a bogus claim but the second you visit the sight the bad software may start downloading to your computer without your knowledge, then the oddity begins. You may notice your computer running slowly, or that you have a lot of ads popping up on your computer. It’s time to call the local campus helpdesk and ask them to ensure your computer is up to date with software patches and anti-virus.
Of course, as various types of technology becomes more popular, the bad actor activity in that technology increases there as well, which brings us to smishing way back in 2006. Text messages or Short Message Service mashed up with phishing, gives us the term SMiShing whereby bad actors send text messages with links to bad websites and then all the malicious activity mentioned above can happen from your smartphone. An example might be your bank is confirming you purchased a rental in Kinvara, Ireland for $1600 Euro. If this is not your purchase, click here. http://www.westealyourmoney.com
The best way to protect yourself from these attacks is not to click on links sent to you without expectation. Contact the sender and confirm. The ole adage, “If something doesn’t seem right, walk away” seems best. We educate ourselves on the issues and try to keep informed on what the bad actors are doing. If you are unsure about something you receive, send it to your local campus helpdesk to help you confirm its legitimacy.