Latest News

Have you noticed an increased number of phone calls to your personal and work phones lately from someone not in your contacts list? You’re not alone. 

While their execution usually lets them down, no one has ever accused scammers of not being adaptable. And just like other clever bugs and parasites, they have evolved pretty quickly in recent years to our new world and ways of working. And that’s resulting in the explosion of vishing and smishing scams. 

So, what are these scams, and why do they represent an ‘upgrade’ in the scam threat level?

What is vishing?

Vishing is a simple combination of the words ‘voice’ and ‘phishing’. Most have come across a phishing scam. It is an email designed to get the receiver (potential victim) to reveal information to the sender (scammer / attacker). More sophisticated versions of this scam mimic a reputable sending address (e.g. Telstra, Australia Post, Amazon, Apple) and also mimic the branding and layout of the emails of those companies.

Phishing scams are a form of social engineering designed to inspire trust and confidence before the ‘ask’. And that ‘ask’ might be for sensitive information like passwords or financial account information. More subtle phishing expeditions my ask for less obviously sensitive information like dates of birth, place of work or financial institution in order to get more information for a more targeted attack later on.

In contrast, vishing uses voice either through an automated message that plays when the recipient answers the phone, or an actual person on the other end of the line trying and get the same information. 

What is the difference between smishing and vishing? 

Where vishing uses voice to try to scam people, smishing relies on our other major form of communication using our phones, SMS’s and texts. Similar to vishing, it combines ‘SMS’ with ‘phishing’ to get its name.

And like vishing, it has grown in effectiveness because of the pandemic. Specifically, because of the rise in the amount of internet shopping we are doing. Whether you order your groceries for delivery from Woolies or Coles, get a meal kit from YouFoodz or Hello Fresh or just have a steady stream of Australia Post deliveries on their way to your front door, these purchases all share a common thing: the SMS confirmation or progress alert.

When you couple that with an easy to click tracking link (cause who doesn’t love knowing exactly where their groceries are) you’ve got the perfect ingredients for a scam that’s trying to get you onto a web page where you enter some sensitive data.

Why are smishing and vishing scams on the rise?

In a simple three letter acronym the answer is WFH. In early 2020 many of us went on a very unforeseen but largely successful experiment to work mostly from home. Almost three years on, it’s meant that on average, most white-collar workers spend two to three days working from home. And that means receiving more work calls on personal phones.

Out of practicality / security / privacy many of us will block our number from appearing on outbound calls. But when we receive a call while working from home, it often pops into our mind that it might be a work call, so we answer even if the number is unfamiliar or blocked. And that moment of doubt and action are what vishing scammers have exploited in the last few years.

The increased ‘pick up’ rates of calls from unknown and blocked numbers because of the increase in WFH and mobile usage means that the ‘target audience’ for these scams has grown much bigger. And the voice is a far more effective pressuring and influencing tool than an email where there are more opportunities for our subconscious mind to pick up spelling errors or inconsistencies. 

How do I protect my employees from smishing and vishing attacks?

The first and most obvious step is education. But simply going through statistics the dangers of phishing scams, and the tens of millions of dollars they cost businesses each year probably won’t do it on its own.

You can contact CyberUnlocked to get custom cyber security training for your employees. Our training programs can keep your employees vigilant against vishing and smishing attacks.