Phishing, Quishing, Smishing, and Vishing – What do they mean and how can you protect yourself
With cyber-attacks increasing daily, you may have heard about phishing, quishing, smishing, and vishing, but what exactly are they?
In our latest blog, Gareth Stinton, Cyber Security Specialist, explains what each one means and shares some tips on how to protect yourself.
Phishing (Email Phishing)
This age-old trick relies on deceiving individuals through fraudulent emails that pose as trustworthy entities like banks, e-commerce sites, or even government agencies. The term “phishing” is derived from “fishing”, as attackers cast their bait widely across the internet hoping to hook unsuspecting victims.
These emails can be meticulously crafted to appear legitimate, often asking recipients to click on links that lead to counterfeit websites, or to download malicious attachments.
Picture this scenario: you're sipping your morning coffee and decide to check your email. Amidst the many messages, you spot one claiming to be from a colleague, urgently asking you to review a document by clicking on a link and logging in to your account. You may not think twice and click, only to find out later that you have been maliciously attacked.
So what can you do?
Quishing (QR Code Phishing)
Quishing, also known as QR code phishing, has massively increased in popularity as cyber criminals are taking advantage of the widespread use of QR codes in daily life.
Quishing uses a QR code to carry out a phishing attack, usually either to trick people into revealing sensitive information or to infect devices with malware. Because a QR code obscures the destination of the link, it creates a prime opportunity for scammers. QR codes have been around since 1994, when they were invented to track vehicles during manufacturing in Japan, but they didn’t really peak in popularity until Covid, when businesses needed to find quick contactless solutions.
We now use QR codes daily, out in restaurants, to sign up to events, to pay for parking or to view a website on an advert. With the increase in popularity, opportunities for Quishing attacks have massively expanded.
Picture this scenario: you're in a hurry, late for an appointment, and you rush to pay for parking. You spot a QR code that promises to take you to the payment portal. You scan it, input your bank details, and think you've paid for parking. But in reality, your information has been handed over to a fraudulent third-party site. Another scenario: you are at an exhibition for work and you see a poster about a networking event happening that evening, with a picture of a QR code asking people to scan it to ‘sign up’. You scan that code and malware is downloaded onto your phone.
QR codes sent via email also have less chance of being picked up by cyber security defences than links or attachments, so please be cautious if you receive an email with a QR code asking you to act.
So, what can you do to protect yourself?
Vishing (Voice Phishing)
Vishing, or voice phishing, is basically the modern take on traditional telephone scams. Scammers use urgent or alarming phone calls to trick individuals into sharing personal information or transferring money. The attackers might pose as representatives from banks and government agencies, or even claim that you've won a prize, to try to trick you.
Picture this scenario: you get a phone call when you are late for the school run. It is someone from your bank telling you that there has been a suspicious transaction on your account, and they ask you to verify your bank details so they can resolve the issue. You panic and hand over your details.
How can you protect yourself?
Smishing (SMS Phishing)
Smishing, short for SMS phishing, uses fake mobile text messages to try to trick people into downloading malware, sharing sensitive information, or transferring money to cybercriminals.
Much like their email-based counterparts, smishing messages often mimic trusted sources and employ social engineering tactics to trick the recipient into responding or clicking on the link.
Even though 3.5 billion smartphones worldwide can receive text messages from any number across the globe, users still tend to place a higher level of trust in text messages, which makes smishing attacks an enticing prospect for cybercriminals.
Smishers employ a variety of tactics to extract confidential information from their victims. For instance, they might gather basic details about their targets, such as names and addresses, from readily available online sources. Armed with this information, smishers craft messages that appear to come from trusted sources, addressing the recipient by name and even mentioning their location, creating a convincing and compelling narrative. Within these messages, a concealed link points to a server controlled by the attacker, potentially leading to a malicious website designed to harvest credentials or deliver malware capable of compromising the recipient's smartphone. Once the malware infiltrates the device, smishers gain access to sensitive data or silently siphon it to their own servers, leaving victims vulnerable to a host of potential threats.
Picture this scenario: you receive a text message saying that your streaming subscription service is about to be cancelled due to a payment issue. You are asked to click on a link to “resolve” the issue. You click on the link, and you are sent to a fraudulent website.
Other types of common smishing attacks claim to be related to tech support, tax claims, your bank, account verification and prize or lottery scams.
So, what can you do?
Most attackers use either urgency, curiosity, or fear to trick you into giving away your information. It’s important as you go about your day-to-day life that you take a pause before you act. If something doesn't feel right, then it probably isn't. It’s really important that you trust your instincts and, if in doubt, it’s better to be overly cautious!
Phishing, quishing, smishing, and vishing are ever-present threats in our digital lives, but by understanding how these attacks work and following best practices for online safety, you can significantly reduce your risk of becoming a victim.
If you are a victim of a scam, or see something that you suspect could be an attempt at phishing, smishing, quishing or vishing, then please report it. Reporting a scam is free and only takes a minute, and if everyone acted, we could help prevent others from becoming victims.
To report scams please visit https://www.ncsc.gov.uk/collection/phishing-scams
If you suspect your business has been hacked, please get in touch with Toro today.