Chinenye Anuforo [email protected]
Online scams are growing more sophisticated every day as scammers aim to manipulate people into handing over sensitive data.
For instance, phishing attacks have expanded into new channels. Smishing and vishing are types of phishing attacks that try to lure victims via SMS message and voice calls. Both rely on the same emotional appeals employed in traditional phishing scams and are designed to drive you into urgent action. The difference is the delivery method.
While vishing is the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers, Smishing is the practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.
Just recently, the NCC alerted the general public on the increasing incidence of fraud across various platforms, especially on social media networks.
According to the commission, “The latest scams sometimes take the form of vishing, which are fraudulent phone calls from people who may claim to be calling on behalf of a known and credible organisation, with the intention to gain access to the target’s personal social media account or other identity resources to perpetrate fraud.”
Director, Public Affairs, NCC, Dr. Ikechukwu Adinde, in a statement, said the general public should be informed that “such calls and antics, are initiated and carried out by unscrupulous persons, usually with the intent to defraud unsuspecting citizens and or commit other heinous crimes.”
We are on our guard a bit more with email nowadays because we are used to receiving spam mails, but text messages and calls can still feel more legitimate to many people.
As we do more of our shopping, banking, and other activities online through our phones, the opportunitie are there for scammers to proliferate. To avoid becoming a victim you have to stop and think.
Trusting no one is a good place to start. Never tap or click links in messages, look up numbers and website addresses and input them yourself. Don’t give any information to a caller unless you’re certain they are legitimate – you can always call them back.
It’s better to be safe than sorry, so always err on the side of caution. No organisation is going to rebuke you for hanging up and then calling them directly (having looked up the number yourself) to ensure they really are who they say they are.
Update your awareness training.
While remaining on your guard is solid advice for individuals in everyday life, the reality is that people in the workplace are often careless. They may be distracted, under pressure, and eager to get on with their work and scams can be devilishly clever. What if the SMS seems to come from the CEO, or the call appears to be from someone in HR? You can toughen up your employees and boost your defenses with the right training and clear policies.
Every company should have some kind of mandatory, regular security awareness training programme. It can include best practices for general safety, but also define policies, such as who to contact in the event of something suspicious, or rules on how certain sensitive communications will be handled, that make attempted deceptions much easier to spot.
If you do suffer any form of phishing attack, make changes to ensure it never happens again.
The majority of smishing and vishing attacks go unreported and this plays into the hands of cybercriminals. While you may be smart enough to ignore the latest suspicious SMS or call, if you have a system in place for people to report these attempted attacks, and possibly even a small reward for doing so, then it presents you with an opportunity to warn others.