The bank asks for data via SMS? Does the hotline employee need the password to fix a software problem? Often it is fake. Objective: to get information. An expert explains how those affected recognize this and how fraudsters can be exposed.
The corona pandemic is a good time for fraudsters. Many people are working from home, spend more time in front of the screen, and are more receptive to direct contact because their social contacts are limited. As a result, known cybercrimes such as smishing and vishing are experiencing a second spring. This affects private individuals and companies alike, who are aware of fraud by email but are not very suspicious of SMS and phone calls.
What kind of scams are these, and how can I protect myself from them? Gerald Reischl, Austrian technology and IT expert and author of the book "Internet of Crimes", has taken a closer look at the fraudsters' tricks. Here he gives tips on how to recognize them.
Vishing: A Combination of Voice and Phishing
First of all: "vishing" is a combination of the words "voice" and "phishing". Phishing has been known for years. It is the practice of deceiving people into divulging personal, sensitive or confidential information. Vishing relies not on fake e-mails or fake websites but on an Internet telephone service (VoIP).
The trick: someone pretends to be a real person or a legitimate company. This is not new either, but it is becoming more popular again during the corona pandemic. The reason: “In times when many people feel insecure not only emotionally but also about their future, it is extremely difficult to separate facts from fiction. Then people are more susceptible to fraud,” said Reischl.
The Personal Approach Makes It Easier for Criminals
Vishing is popular these days because it creates a personal relationship. “In many cases, the callers describe themselves as experts or professionals in their field. They pretend to be computer technicians, bank employees, police officers, or even victims of such methods themselves,” says Reischl.
“The home office situation is often helpful for computer criminals. You can call employees on the pretext that you are an IT administrator for their own company.” The victim's inhibition threshold for releasing secret data is then already lowered. During the conversation, the caller can elicit passwords and the like from the employee, smuggle in malware, or access data.
Popular Scam: Allegedly, the Bank Called Because the Customer's Account Was Cracked
With vishing, the victim has a person directly on the line who can exert emotional pressure. That makes the method even more perfidious, and often more effective for the criminals. Vishers can even create fake caller ID profiles that show the victim a known phone number. This is called caller ID spoofing. If the victim does not answer the phone, a voicemail is often left asking them to call back, for example because the bank account was allegedly cracked online.
The Aim of Vishing: Tap Data, Smuggle in Malware
Mostly the aim is to obtain credit card details, dates of birth, account registrations, or the like. The callers do not only pose as the company's IT department. Sometimes you have allegedly won a prize, sometimes it is a free offer, sometimes an appeal for donations from a supposed charity, or a critical matter at the tax office. Everything is fake; everything serves only data theft.
Calls Feel More Legitimate
With e-mails, people are used to spam and spying attempts, but the phone is a different matter. Calls and face-to-face conversations still feel more legitimate to many people. "And: vishing is not as well known as phishing - the fact that someone calls you is still a very fresh area of crime," says Reischl.
To Be on the Safe Side: Better to Hang Up Once Too Often
Even when talking on the phone, you should always remain suspicious and always meet pressure with calm. “If a supposed Microsoft employee calls who wants to update my computer's system online, you should just hang up. It's better to hang up on one call too many than to fall into a trap,” says the IT expert.
Smishing: Manipulation Through a Download Link in the SMS
Smishing is a similar scam, but the fraudsters rely on manipulation through SMS (SMS plus phishing results in smishing). Such SMS contain download links to malicious software, but the form of address in the SMS reads like a message from a good friend or work colleague. If you click on the link, the fraudster gets access to the smartphone, can read log-in data, or can lock the device and then demand money for unlocking it. Alternatively, the link leads to a fake website where data is to be entered.
Currently Popular Trick: Fake Employees Help with Computer or Smartphone Problems
Spear smishing is particularly perfidious: the freely available data of a person on social networks is specifically evaluated in advance. The message that follows then suggests a feeling of familiarity. Probably the most popular trick right now is to pretend to be a customer service employee and to help with a supposed computer or smartphone problem.
Avoid Smishing Traps: Always Remain Critical
"Many users have not yet recognized the danger that can also arise from an SMS," says the expert. The best way to avoid smishing is to remain suspicious of winnings, coupons, or offers via SMS.
Banks and the like certainly do not ask for data via SMS. The same goes for companies. “I don't know of any company that sends text messages to users to log into a portal to update data or to log into a website,” says Reischl. Further advice from the expert: do not click on links in SMS and always check the sender number before replying to an SMS. The expert warns: "The same applies here: It's better to delete one SMS too many than to become a victim."
Install genuine antivirus software to protect your computer from online fraud.