Reading Time: 4 minutes

Staying one step ahead: phishing, vishing, and smishing

14th February 2024

Categories: Security

Reading Time: 4 minutes

“Phishing, vishing, and smishing stands for the different ways in which you might be cyber attacked “

Phishing, vishing, and smishing sound like the names of small villages on a beautiful coastline in some faraway paradise, but I can assure you these names stand for something completely onerous. Each of the names, Phishing, vishing, and smishing stands for the different ways in which you might be cyber attacked. All three of them are what the industry calls a socially engineered attack.

Protecting your business from phishing attacks

There are all sorts of figures that are used to say how many phishing emails are sent per year. However, regardless of the amount, the thing to think of is that billions of emails are sent out, and one could easily land in your email box. It is the most commonly used attack vector used by cybercriminals. Why? Because it’s an easy method to fall foul of. Here is how a phishing attack works.

A phishing attack is a fake email message, which has been sent to you by what appears to be a legitimate company that may be well known to you. Cybercriminals usually use trustworthy companies like your local delivery company, HMRC, your business bank, or a trusted supplier.

Under the guise of a trusted name, the criminal will request personal information from you: bank information, passwords, usernames, or access to sensitive data. You might think you would spot a fake email, but cybercriminals are very adept at designing emails to look exactly like the real thing.

If they don’t gain access in the above manner, they will turn to sending malware, which if you click on it, because it’s often disguised as an invoice or a receipt, is capable of stealing personal information just as easily.

How good customer service impacts your bottom line

On any normal day, working with an IT company is fine. It’s when your problems really hit the fan, you find out if your outsourced IT partner has your back. When you choose a partner, it’s easy to go for cheaper contracts, or they are nearer to your business than another.

The questions you really need to ask are as follows: What is the quality and calibre of their support desk like? How quickly will they get you back up and running? There are companies out there who will start disassembling everything in the building to get you back up and running. Or do they approach problems with simple fault-finding questions first (because sometimes it can be something really simple).

An efficient and well-run help desk will resolve your issues quickly, smoothly and on time, cutting down on your staff standstill"

Deterrents in cyber security

Using Multifactor Authentication (MFA) or Two Factor Authentication (2FA) is an excellent extra layer of deterrence. Essentially, they are both forms of identity and access management security systems, they each need other points of verification that a threat actor is unable to circumvent, like an authenticator app.

Protecting yourself from smishing: tips and tricks

Smishing is just like phishing, but it takes place via a text message, it targets mobile phones and Apps like WhatsApp. Sometimes, the message will be an advert offering services. Lottery scams, QR codes, friends or loved ones in need, discounts, or the horrible Mum or Dad scam. Whatever their guise, they are after personal information or money. So, you can do several things to protect yourself.

Don’t send any money
Set up 2FA on your mobile device
Create a distress password with your family, so that you know whether the call is genuine or not. This is especially useful with the Mum and Dad scam
Call the number that is requesting any kind of money, or personal information
Change the default PIN on your voicemail, hackers are not shy about trying to access your voicemail, so use a unique PIN to protect yourself
Report any kind of smishing attack to your mobile operator or App service

Delete them, delete them, delete them"

Warning signs of a vishing attack You shouldn't ignore

Vishing is an over-the-phone cyber attack. The criminal will pose as if they are calling from your bank, or a trusted supplier so that they can verbally obtain confidential information from you.

Often there is an inherent rush to their request, they will push hard to get you to release money from your account, as they use the threat of arrest or heavy fines if you do not pay them there and then.

Don’t give out your card details over the phone, or by text to anyone. Even if they send you a link to click on, don’t
If you are in any doubt, exit the call, and call the bank, HMRC etc directly on a bonafide number, that you have found, one that is not supplied in the text you have been sent
Keep your software up to date with the latest patches etc.

Don’t feel rushed to give any information over the phone"

Conclusion

It’s a sad fact that cyber criminals use socially engineered technological methods to gather personal information. So be fraud aware, otherwise you put yourself and your business at risk.

To find out more about how CNC can improve your business cyber security, contact the team at: sales@cnc-ltd.co.uk or call us on 01273 384100.

By Gary Jowett

Gary has always focused on making sure the most appropriate solution is provided to help customers, not just what's new and shiny. With over 30 years in the IT industry Gary has the experience to tell the difference between something that's game-changing or is just a passing fad!

READ GARY'S POSTS

LET'S TALK

We’re always open for a chat, so get in touch to find out how we can help

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_20840989_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.