
PHISHING and other SHINGs


Phishing

At this point you have probably heard of the term phishing – a fraudulent operation in which an email dupes the user into revealing sensitive personal or corporate information, which can then be used for illicit purposes.


For review, here are some of the main points to help detect various phishing attack methods:

  • The email is sent from a public domain such as gmail.com (e.g., paypal_bill_johnson@gmail.com), or from a domain with a name similar to a valid one (e.g., helpdesk@goog1le.com). I bet not many will notice that the letter L in google is actually the number 1.

  • The email requests sensitive information. No company will send an email asking for your password or social security number, nor will they send you a login link.

  • The email has terrible grammar.  Since AI services can now be used to write emails, the number of phishing emails with bad grammar is declining.

  • The email has a suspicious attachment. 

  • The message has made you panic.  It will state that your computer or bank account has been compromised and ask you to respond or perform actions immediately.

  • The email appears to come from a government agency.  The government will never do that. Scammers send messages claiming to be the IRS demanding immediate payment or claiming to be the FBI demanding your personal information.
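The first check in the list above (public-domain senders and lookalike domains) can be automated. The following is an added example, not part of the original post; the brand list, the free-mail list, the edit-distance threshold of 2 and the sender it@google.com.login.example are constructed assumptions.

```python
# Added example: classify a sender address by its domain.
# TRUSTED_BRANDS and FREE_MAIL are constructed sample lists (assumptions).
TRUSTED_BRANDS = {"google.com": "google", "paypal.com": "paypal"}
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def classify_sender(address: str) -> str:
    local, _, domain = address.lower().rpartition("@")
    if domain in TRUSTED_BRANDS:
        # A matching domain alone does not prove the mail is authentic:
        # the From header can be forged, so SPF/DKIM/DMARC results still matter.
        return "exact-brand-domain"
    if domain in FREE_MAIL:
        # A brand name in the mailbox part of a free-mail address.
        if any(brand in local for brand in TRUSTED_BRANDS.values()):
            return "brand-on-public-domain"
        return "public-domain"
    for trusted in TRUSTED_BRANDS:
        # One or two character edits away from a real domain (e.g. an added "1").
        if 0 < edit_distance(domain, trusted) <= 2:
            return f"lookalike-of:{trusted}"
    # Brand name used as a label inside an unrelated domain.
    if any(brand in domain.split(".") for brand in TRUSTED_BRANDS.values()):
        return "brand-in-foreign-domain"
    return "unknown-domain"


if __name__ == "__main__":
    samples = [  # the first two addresses are the ones quoted in the list above
        "paypal_bill_johnson@gmail.com",
        "helpdesk@goog1le.com",
        "it@google.com.login.example",  # constructed sample
    ]
    for sender in samples:
        print(f"{sender:35} -> {classify_sender(sender)}")
```
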





In addition to phi-shing you should be aware of other ***-shings.



Vishing


Vishing – voice phishing – is the use of fraudulent phone calls to trick you into giving money or revealing personal or corporate information. Vishing frequently involves a criminal pretending to represent a trusted organization, company, or agency. Things to know about vishing:



  • AI-Based Vishing. AI software exists that can mimic a person’s voice, fooling employees into thinking that they are speaking to their supervisor or manager.

  • Robocall. An automated call with a prerecorded message dials every number in the area code, asking for victims’ names and other information. Thankfully, that kind of vishing is becoming less common, since most people are now familiar with robocalls and just hang up.

  • Tech Support Call. Scammers might pretend that your computer needs an update or repair and ask for your password.  Or you might get a message that there has been a car recall, and you must provide information for a company to issue repair instructions.

  • Caller ID Spoofing. Your phone might show a legitimate caller ID, for example from the police department, tax agency or client. Those attacks are harder to spot.



Smishing


Smishing – a phishing tactic conducted via SMS, a telephone-based text messaging service. A smishing text, for example, attempts to entice a person into revealing personal information and usually contains a link that takes the person to a phishing website. Here are examples of the most common smishing attacks:

  • Financial Alerts. A text message pretending to be from a bank claims that there has been suspicious activity and asks you to click on a link to change your password.

  • Package Delivery Notification. A fake message claims that a package could not be delivered and asks the recipient to click on a link to track the package.

  • Tax Alert. Messages claiming to be from the IRS or other government agencies ask you to click on a link to resolve the situation, which often includes a request for immediate payment.

  • Charity Scams. Smishers claim to be from a charity or non-profit organization, asking victims for a donation and providing a link allowing them to contribute.





Quishing


Quishing – also known as QR phishing – is a type of phishing attack that uses QR codes to trick victims into visiting or downloading malicious content.


And here are some examples of where Quishing may be lurking:



  • Restaurant Menu. A number of restaurants, instead of printing menus, provide you with a QR image to view the menu on your cell phone. It is very easy for hackers to replace valid QR stickers with fraudulent ones that take the person to a malicious site when scanned.

  • Postal Quishing. There are numerous instances of postal emails impersonating FedEx, UPS, and/or DHL with fraudulent QR images for you to scan to follow delivery of your package.

  • Impersonation Emails. Those supposedly coming from Crypto Wallet, DocuSign, File Sharing, and a number of other services.


Be Vigilant













