This form of fraud spoofs the contact details and websites of legitimate sources to trick targets into making payments or revealing confidential information. Scam calls and texts are often referred to as ‘vishing’ (voice phishing) and ‘smishing’ (SMS phishing) respectively.
How do phone and text scams work?
Unfortunately, these low-cost scams can be carried out with very little technical knowledge. They often appear urgent, deceiving targets into revealing confidential information quickly.
What is vishing?
Vishing campaigns are often conducted at high volume, using auto-dial and broadband calls to contact thousands of potential victims per hour. They try to drive fear-based responses. An example is a spurious bank callback service that pretends to alert the victim to bank account fraud and then requests detailed card information.
When targeting organisations, attackers often impersonate a senior employee requiring urgent assistance. They may pretend to be in a rush, in an attempt to take control of the conversation.
What is smishing?
Smishing has begun to overtake vishing in popularity. With the growth of text banking and with many victims still unused to receiving spam texts, criminals behind this type of fraud currently enjoy a higher success rate.
Smishing texts typically request urgent action, which often means clicking on a malicious link that in turn enables data theft. Spam filters stop many phishing emails from reaching inboxes, but no mainstream solution yet exists to prevent texts from reaching their intended target.
How to defend your business against text and phone scams?
The risks of text and phone scams can include data theft, fraudulent internet banking redirection, identity fraud and significant financial loss. Here are some ways you can protect yourself:
- raise awareness of the potential impact of vishing/smishing on your business
- implement a policy for reporting suspected cases
- train staff to never share financial or company information with unverified callers
- learn to spot suspicious calls and text
- be rushed into making a quick decision in response to an urgent request
- provide personal or financial information over the phone
- use numbers provided by the caller or in the text, in preference to known contact numbers
- click on a link in a text you weren’t expecting
Where a vishing call is purporting to come from a member of staff, there can be several giveaways:
- the caller refers to the organisation by name on a supposedly internal call
- the call is made to the UK from one country, for information on another
- the caller instructs the recipient to use internal systems to provide information
Find out more about Protecting your business from cybercrime
One of the most common forms of cyberattack, bank phishing operates through emails, calls and texts, which are often convincing and appear to come from legitimate senders.
Short for ‘malicious software’, malware is coded with the intention of stealing confidential information from individuals and businesses. Once it breaches a computer or network, it can also spy on internet activity and damage data. An increasingly common form of attack is the fraudulent redirection of internet banking users.
Business email compromise
Also known as CEO/Chairman fraud, business email compromise is one of the emerging forms of cybercrime that is frequently targeted at SMEs. It combines the techniques of malware and phishing to trick users into revealing confidential business information, leading to huge financial damage.