Phishing, Vishing, Smishing
By means of phishing, the criminals lure victims into providing their passwords and other personal information.
Fraudsters try to obtain confidential data from unsuspecting users. This could involve access credentials for email accounts, online auction sites or credit card details. The fraudsters take advantage of their victims' good faith and helpfulness by sending them emails with false sender addresses. The emails tell the victims that their account details and access credentials (e.g. username and password) are no longer secure or up-to-date, for instance, and need to be changed using the link provided in the email. However, the link does not lead to the genuine page of the respective service provider, rather to the fraudster's apparently identical web page.
Another way of obtaining sensitive data is so-called vishing (short for voice phishing). Vishing uses verbal scams, usually over the phone, to trick people into doing things they believe are in their best interests.
It is often difficult to spot vishing attempts. For instance, callers can spoof the caller ID at will. This makes it difficult to identify the caller if, for example, a known or trustworthy number is displayed. Victims often do not realise that the person on the other end of the phone is conning them until after they have handed over their credentials. However, there are some warning signs that can help you spot potential scams.
- In many cases, the callers are self-appointed experts or authorities in their fields. They masquerade as computer technicians, bankers, police officers, or even victims themselves.
- The callers exert pressure.
- The callers ask for confidential information over the phone.
Data can also be stolen via text message. Smishing is a form of phishing, also known as SMS phishing, that uses convincing phishing SMS/text messages to trick potential victims into clicking on a link and sending personal information to the fraudster.
Smishing messages typically appear to be from a trustworthy sender, e.g. a well-known retailer or logistics company. These messages can be disguised as a parcel notification, for instance. A link in the message usually takes the recipient to a website created by the fraudsters on which the person is asked to enter personal data or credit card details.