With the increase in technology, the wealth of available information, and the growing craftiness of many criminally minded individuals, the threats to our safety and security are rampant. Today we will focus on one fight we all need to be prepared for: phishing vs vishing. We will learn what each threat is, what the difference is between them, how to prepare for each attack, and how to win the fight against them.
Phishing involves an attack from a party intending to get their hands on sensitive information, either by a deceptive message or by utilising malicious software on the victim’s hardware. Commonly, the goal of a phishing attack is to get access to a secure network, infect a system with malware, obtain confidential information or electronically acquire money or gift cards. Over the years, as technology has developed, phishing attacks have become more and more intelligent and sophisticated, able to do more damage while raising little concern. A phishing technique was first described as far back as the 1980s, and it was brought to fame through its prolific use by the well-known hacker Khan C Smith in the mid-90s. By 2020, phishing had become the most common form of attack in use by cybercriminals, used over twice as many times as other forms of computer crime. This attack is prevalent in the home and within the workplace too. Between 2017 and 2020, phishing attacks in businesses rose from 72% to 86%.
How to Protect Against Phishing Attacks
With phishing becoming so prevalent and similarly inconspicuous, it’s vital that precautions are taken to identify the risks and prevent the consequential damage.
- Educate and inform. The best way to prevent phishing is awareness. Not everyone fully understands the term “phishing”, or the things to look out for that will identify such an attack. Therefore, it’s important to inform yourself. If you’re worried about this attack in the home, do your research, take some online training, and raise your personal awareness of this kind of threat. In a business, it’s essential that phishing awareness is a topic of regular training sessions to keep up with the evolution of the threat. On average, each person receives and sends around 121 business emails a day, so it can be easy to let the red flags pass you by. Consequently, raise awareness of the threat, how to see the signs of it and how to report it when you’ve spotted it. New employees need this information, but everyone in the office needs to have their skills refined regularly.
- Use multi-factor authentication. This authentication process involves various factors, such as information that only you would know, a security precaution that only you have or a face/fingerprint that only you possess. Don’t leave the door open to your personal information. Employ two or more “locks” and you’ll feel a lot more at ease with the protection that your information receives.
- Update your software. Old software leaves vulnerabilities. Just like a soldier needs to keep his armour in good shape and working like new, keep your defences in the same tip-top condition. The older a piece of software is, the more gaps there may be that a threat can sneak through. Keeping everything up to date will significantly reduce the threat of malware.
- Be careful with attachments. In a professional role, it’s common to receive documents from people you don’t know, but take precautions when opening them. You can choose to open them in an online document reader so that the attachment can be viewed as an image, or open them on a dedicated operating system on a virtual machine. This will mean that any potential malware won’t be installed on your machine or get access to your network.
- Use anti-phishing add-ons. The simple downloading of an anti-phishing add-on to your browser can reduce threats significantly. It will help you to detect malicious websites and inform you about infamous phishing sites. Many of these add-ons are free so it makes sense to use them.
96% of phishing attacks use the medium of email, so we might mistakenly be cautious around emails but nothing else. There are other common types of phishing that vary depending on the medium used. This brings us to our next attack: vishing.
Vishing (or voice phishing) uses the medium of voice calls. You would think that it would be easy to identify this kind of call, but these too have become more malicious and harder to detect in recent years. Vishing criminals often use features that block or alter the caller ID to appear legitimate, and this is where the danger lies. The calls often carry a sense of urgency, and the panic this causes is something the callers manipulate to get the information they want. Additionally, the caller may try to impersonate a genuine company or government agency and use this pretence to ask for information like bank details, or for money through an online transfer or gift card. Some attackers may even use both phishing and vishing together to add to the believability of the lie that they are trying to spin.
How to Protect Against Vishing Attacks
As vishing becomes more widespread and equally deceptive, it’s critical that defences are built to recognise the risks and counteract the attack. Here are a few steps you can take to avoid becoming the victim of a vishing attack.
- Use an app on your mobile to block suspicious callers. Your provider may even offer call blocking for unsolicited phone calls.
- Don’t be afraid to hang up immediately if the caller sounds suspicious.
- Ask for verification of the caller’s identity by obtaining their personal name and the web address of their organisation.
- If the caller makes an offer that sounds too good to be true, that’s an immediate red flag.
- Listen for the auto dialler – this is a tool that attackers use to ring random numbers, but you can spot this if there is a two-second delay between answering the call and the live person speaking.