What is Smishing?
Smishing, also known as SMS phishing is a type of social engineering attack carried out in order to steal user data including personal information, financial information, and credentials. Smishing also aims at laundering money from victims
In Smishing, scammers send phishing messages via an SMS text that includes a malicious link. The phishing messages trick recipients into clicking the malicious link, which redirects them to a phishing page where personal information is harvested.
Example of Smishing - Lucky Draw campaign
In February 2019, a new smishing campaign targeted Indian Nokia owners stating that they have won a lucky draw. This smishing campaign purported to be from ‘Nokia.com online shopping Pvt Ltd.co’ and claimed that the recipient has won either a Tata Safari or 1,260,000 Indian rupees. The phishing message then urged the recipients to pay Rs. 6,500 in order to claim the prize.
What is Vishing?
Vishing, also known as Voice phishing is a type of criminal phone fraud that uses voice messages to obtain personal information or money from victims. Vishing uses automated voice recordings to lure victims.
In Vishing, an automated voice call stating that the recipients’ bank account has been compromised is sent. The voice message then asks the recipient to call a specified toll-free number. Once users call to that toll-free number, the user’s bank account number and other personal details are harvested via the phone keypad.
Examples of Vishing - Vishing against Singapore Airlines
A vishing campaign against Singapore Airlines was observed by researchers. The campaign made voice phone calls to Singapore Airlines customers and stated that they’ve been selected for a draw or have won air tickets. The voice message then requested the personal and financial information from the recipients.
How to stay protected?