You can read all over the internet that social engineering is on the rise.
Cyber-attacks are no longer limited to email communication, but more and more often attackers are using phone calls or text messages.
Vishing & Smishing
Fraudsters pose as bank employees who report that a client’s bank account has been hacked and offer to secure the customer’s computer as technical experts. As a “victim” you have no way of detecting their fraudulent behaviour at this point.
Often, victims of fraud are sent text messages containing extremely favourable offers, free trial products or urgent warnings.
The goal is not only to obtain sensitive data, but also to spread malicious codes that they force you to click on. The messages are designed to stun or scare you into taking action quickly. Criminals often extort money from their victims for seemingly leaked data or sensitive photos.
The most famous is the message with the subject line “Congratulations, you won!” to convince the victim that they have won a cash prize or a branded smartphone. There is not a single person on earth who has not received a similar message, which is truly trivial.
Unfortunately, attackers are increasingly using machine learning technologies to create synthetic voices. Thus, they have no problem spoofing a phone order from a company manager convincing a subordinate to transfer money. The authenticity of the call is supported by the personal information they often obtain from the caller’s social networks.
Specific recommendations:
- do not trust unsolicited phone calls and never call back the number of the attacker
- be wary of information on the internet, especially unrealistically profitable or disastrous information
- only download files from official stores or directly from developers
- pay attention to the time of the message sent (most companies operate between 8:00 am and 6:00 pm)
- check with your institution that the data is real before providing it
- report any suspicious calls immediately via the official hotline
- terminate the suspicious call with a promise to call back later
