Can you guess how much money was lost to phishing in 2020? An estimated €54 million!
According to the FBI report, phishing has been an all-time favourite of cybercriminals over the past five years. Every day, people fall for scams, leaving them out of pocket, slightly confused, and upset when they can’t afford their vacation to Barbados. Therefore, to avoid the undeniable disappointment and frustration, it’s essential to understand phishing, so that you and your loved ones don’t fall victim. Oh, and to ensure you have enough spending money for that trip…
To help clear up the confusion surrounding phishing, this article is full of information on what it is and how to protect yourself. However, the overarching theme is how millions of pounds, euros, dollars, and other currencies are lost each year due to phishing via SMS and other scams – we’re here to help you prevent this from happening to you, whether it’s the first time or the tenth time (we really hope it isn’t the tenth time…).
So, without further ado, let’s reel it in and get to it.
What is phishing?
To begin with, we need to discuss what phishing is. According to Phishing.org, phishing is a cybercrime whereby criminals contact you by email, text, phone, or other digital means in an attempt to lure or trick you into providing them with your private and personal information, such as bank details, passwords, and security questions and answers.
As you can imagine, if a criminal has these sensitive details, they can cause unrivaled financial harm, perhaps taking it further by committing other crimes while appearing to be you (posing real concern and consequences). There are numerous ways to protect yourself against phishing. However, we will first discuss the different types of phishing methods used by cybercriminals in more detail.
What are the different types of phishing?
As previously touched upon, there are many different types of phishing used by cybercriminals. These phishing techniques include:
- Deceptive phishing
- Vishing
- Smishing
Deceptive phishing
Some of these phishing types can be used in combination with one another, usually with deceptive phishing (it may sound like something from James Bond, but it’s a serious thing!), which impersonates a legitimate company or business through the use of real links and information to convince people to send over their personal and confidential information. Often, when you think of phishing, the definition we associate with the term is the deceptive kind.
Criminals will use real company details, whether these are brand details such as a logo or real links to websites, such as your local parcel company. However, they also embed HTML code and other details to steal your information, whether via a hack or, most commonly, by tricking you into sending over your personal information.
Deceptive phishing is a lot like Guess Who: a lot of the characters look familiar, but unveiling who is the criminal and who is the real deal can be difficult, especially as criminals impersonate real companies. For this reason, it’s extra important to pay attention to the smaller details, such as spelling mistakes in emails or text messages, unusual behavior, messages from unknown numbers and regular mobile numbers, spam emails, and modified brand details. This can be rather challenging, especially if you don’t know exactly what you’re looking for. So, if you want to win the game of Guess Who without making a fool of yourself in the process, then you need all the deets on how to prevent a phishing scam from happening to you. And no, playing Guess Who does not count as practice…
Vishing
Within deceptive phishing, there is also what is known as “vishing,” and no, it’s not the Wish version of phishing…, but certainly a weird-sounding term. Vishing is a type of phishing that occurs over the phone, with targets contacted via a call while the criminal pretends to be someone else (an odd bit of roleplay), such as a bank or delivery service. As we’re sure you’re aware, bankers don’t contact you via mobile, so if you fall for that one, then perhaps it’s on you.
Anyways, spotting vishing is usually fairly simple: often scammers will inundate you with technical jargon (this is, in fact, nonsense…) in an attempt to confuse you. They will also be unable to provide you with any further details when asked specific questions (you also get to make a fool of them!). Furthermore, caller ID is often used, and if not, you can detect the mobile number anyways – now that’s what you call a poor attempt at phishing, not even setting up the bait correctly.
Smishing
Smishing is one of the most common types of phishing, paired with deceptive phishing (no, stop thinking of James Bond, this is a serious topic!). So, what is smishing? Smishing is phishing done via smartphone, contacting targets via SMS or text message. Generally, this type of phishing uses deceptive links to trick people into giving away sensitive information. However, it can also include the download of malicious apps for remote control of a device, link stealing forms, and other deceptive acts such as asking targets to “contact” customer support for assistance. And yes, you guessed it: the scammer is customer support, looking to steal your information. Surprise, right?
What is phishing in relation to SMS?
SMS phishing is one of the biggest scams of the twenty-first century. This type of phishing is when a criminal contacts you or someone else via SMS (text message) pretending to be someone else in an attempt to steal sensitive and personal information from you.
For example, let’s say you receive a text message from DHL, informing you that for your package to be delivered, you must pay an additional €3.99 delivery fee. Initially, you may think this is legitimate, so you click on the link provided, enter your bank details, and supposedly pay the fee. However, not only are you spending €3.99, but you’re also giving away your details to an individual or business posing as DHL. This can be easy to fall for, especially if you have a parcel arriving from the same company.
There are also many other examples of SMS phishing. However, they generally all follow the same pattern: pretending to be somebody else to obtain sensitive and personal information from you.
In total, billions of dollars have been lost due to phishing, with the SMS method being one of the leading methods of cyber theft (yet you’re still waiting on a text back from your crush). For example, a blog post by Inky (a leading cloud-based security platform) mentioned how the FBI estimates approximately $12 billion (equivalent to just over €10 million) to have been stolen in the last five years. And that’s likely only the tip of the iceberg, with the majority of phishing scams via SMS (and other methods) flying under the radar, never to be detected.
So, with this in mind, and you no doubt quaking in your boots and tempted to check your text messages, let’s discuss how you can best protect yourself against SMS phishing, protecting your identity, financial information, and personal details.
How to protect yourself against phishing via SMS?
Protecting yourself against SMS phishing is crucial, ensuring you don’t just become another statistic, losing hundreds, or in some cases, thousands of pounds to cybercriminals. So, how can you protect yourself?
Below you will find a few useful tips:
- Always search the number before any further interactions
- Don’t open anything you do not trust
- If in doubt, call the company
- Look for spelling mistakes and obvious errors
To add to your arsenal of protection against text message phishing, let’s explain each tip in more detail.
Always search the number before any further interactions
Upon receiving a suspicious text, you should search the number on Google. Usually, this will reveal who the number belongs to, especially if it is registered to the company that is approaching you.
Tip: To avoid the despair and frustration associated with phishing, oh and the inevitable crying while eating terrible-tasting ice cream, Google all numbers to see whether or not they’re registered. You can thank us later, preferably by lending us a spoon to get in on that ice cream action.
Don’t open anything you do not trust
Second, don’t open anything you do not trust. This includes text messages and more importantly, links embedded within the messages. Sometimes, a link can be enough to trigger cyber theft, so don’t jump the gun just because you’re curious. The gun will go off, and your details will be stolen. Don’t say we didn’t warn you.
If in doubt, call the company
As a general rule of thumb, if you ever have any doubt surrounding a suspicious text which you think could be phishing, give the customer service department at the company a call. It’s important not to dial the number you received the message from. Instead, locate the correct number on the company’s official website, ensuring you receive the most reliable and accurate information. If you dial the number from the text message, you are more than likely to be forwarded straight to the cybercriminals, who will provide you with a very customer-friendly service informing you that you should definitely fill in the details requested.
Look for spelling mistakes and obvious errors
Finally, most scammers and those phishing billions via SMS (and other methods) often make simple spelling and grammar mistakes. While we’re certainly not the grammar police, use common sense – if the text reads like trash, almost as if it was written by a three-year-old (no offense to three-year-olds…), then chances are it’s a phishing SMS. If this is the case, avoid it entirely, and where possible, report it to the company so they are aware of this.
Often, waves of different scams and phishing texts go around, so there’s a good chance you’ll hear of it before receiving it. It is also worth noting that for phishing via URLs to work, a phishing campaign would need to use a different URL from the genuine company’s. For example, instead of www.ikea.com, they may use an alternate, perhaps www.ikea.net (or something similar). So, before you go ahead and enter your details into the popular furniture, and now meatball and food, website (seriously, how can you specialise in furniture and food?), perform a quick Google search of the company and make sure it comes up with the same URL. If in doubt, give the company a ring; we’re sure they’ll be more than happy to clear this up for you! After all, they do want you to buy a sofa, a chair, and their very own strawberry jam…
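The URL comparison described above can be automated. The following is an added example, not part of the original article: it pulls the links out of a text message and checks each hostname against an allowlist of official domains. The allowlist contents, function names and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: official domains you have verified yourself (e.g. via a search).
OFFICIAL_DOMAINS = {"ikea.com"}

# Matches links with a scheme or a bare "www." prefix, as commonly seen in SMS.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)


def extract_hosts(message):
    """Return the lower-cased hostname of every link found in a message."""
    hosts = []
    for raw in URL_RE.findall(message):
        raw = raw.rstrip(".,;:!?)")              # drop sentence punctuation
        url = raw if "://" in raw else "http://" + raw
        host = urlsplit(url).hostname
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts


def is_official(host):
    """True only for an official domain or one of its subdomains.

    The comparison is on the end of the hostname, not a substring search,
    so a host that merely contains the brand name does not pass.
    """
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def suspicious_links(message):
    """Hostnames in the message that do not belong to an official domain."""
    return [h for h in extract_hosts(message) if not is_official(h)]


# Constructed sample messages (not real traffic).
SAMPLES = [
    "IKEA: confirm your delivery at https://www.ikea.net/pay.",
    "Track your order at www.ikea.com/orders",
    "Pay here: http://ikea.com.track.example/fee",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(suspicious_links(sms) or "no unofficial links", "<-", sms)
```

An empty result only means every link points at an allowlisted domain; a message without links can still be a scam, so the other tips above still apply.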