The cybercriminal arts of ‘SMiShing' and ‘Vishing' have been covered in the national press.
The Guardian's Money section on Saturday claimed that thousands of people a week are targeted by both SMiShing (phishing by text message, or SMS) and Vishing (voicemail), the latest variations on the phishing scam where a user receives emailed ‘bait' encouraging them to visit a bogus website and hand over personal and financial details.
The article also claimed that ‘there seems little individuals can do to protect themselves against this kind of alleged fraud (other than perhaps never going shopping, and not owning a credit card).
David Emm at Kaspersky Lab said: “SMiShing has been around for a while and is one of the variations on standard phishing attacks. You get an SMS telling you about some great offer, etc. and are invited to call a number [where they try and get you to give up confidential information], or to reply directly to the SMS.”
However the article claimed that the positive news is that there is rising public awareness of phishing scams, but this means that fraudsters are trying new means, and this is how phishing, SMiShing and Vishing have reached epidemic levels. According to research by CPP, seven out of ten Britons were targeted in the last 12 months.
Rik Ferguson, senior security advisor at Trend Micro, said: “SMiShing reports date back to around 2006 when this threat started to become noticeable. The spoofed or fake SMS messages are often used to lure victims to a telephone number under the guise of ‘confirming' or ‘activating' account details.
“As such the threat from SMiShing works in conjunction with Vishing, or voicemail phishing, a technique which is also being increasingly attached to traditional email phishing mails. Again users will be asked to call a number to confirm their details.
“If they call up the number, an automated system will prompt them for things like credit card number, CVV code, expiry date or bank account details and even card PIN numbers. Concurrently we are also seeing a rise in speculative outbound Vishing calls, these arrive with a spoofed called ID number and often come from outside the country of residence of the victim.”
The article concluded with advice on how to avoid phishing fraud, with guidance to ‘never respond to a text or phone call from your bank asking you to verify details. Telephone the bank, using the number advertised on your bank statement, or the reverse of your card'.