In my last post, I had discussed about mobile phishing attack and how we can protect ourselves from these attacks. I came across another interesting article recently, that explains about few other kinds of phishing attacks on mobile phones. They are called Smishing and Vishing attacks. These attacks also tricks the user to provide sensitive and confidential information like credit card details by sending SMSs or voicemails.
Smishing attack
However, if you make a call to the phone number provided by SMS then you are asked to provide your bank details or credit card number, which in future will be used by the cyber criminals without your knowledge. Similarly, when you click on any kind of link , you will be directed to a spoofed website of your bank and will be asked to enter your account details or you might end up downloading a malicious code that will infect your mobile device.
Examples of fraudulent SMiShing messages:
- Credit Union N.A. Please call us immediately at 1-888-xxx-xxxx regarding a recent restriction placed on your account. Thank you
- Alert!! Honolulu City & County Employees has limited your account pending verifications. Contact us NOW at 213-xxx-xxxx.
Vishing attack
Another kind of phishing attack is "vishing" or "voicemail phishing" attack. Here the vishers sends a voicemail to you saying they represent your bank or financial institution and you need to call them back immediately or send some important information regarding your bank account to perform some operations. Some attackers will not even send a voicemail. They will call you directly and trick you to provide sensitive and confidential information.
If we encounter such kind of situation, we should directly contact the bank or financial institution to determine if they had sent such request or not, rather than responding back to the fraudulent SMSs or voicemails.