As its name suggests, malware is software with malicious intent. Malware can be made to spy on users, steal sensitive information like credit card numbers, track your location, or download harmful software without your knowledge. Ransomware encrypts the information on your device, rendering it inaccessible or threatening to block it until you pay the ransom.
All three of these techniques are designed to trick you into handing over sensitive information such as passwords and bank account numbers to criminals. Criminals accomplish this by masquerading as trusted sources such as payment services, online merchants, and even government agencies. To further entice you to respond, criminals often add a sense of urgency to their messages. For instance: a problem with your payment information, suspicious activity on your account, or you’ve won a prize and need to claim it. Now, let’s examine the differences between phishing, SMSishing, and Vishing.
Phishing attacks are delivered via email. At first glance, phishing emails might appear to come from legitimate companies and organizations. Email addresses, logos, and designs can all appear official, but they’re all part of schemes to encourage you to click on malicious links that send you to legitimate-looking webpages designed by criminals to capture your username, password and other details.
SMSishing attacks are delivered via text message or SMS. Like phishing emails, they’re worded as if they’re from a trusted organization and they work by enticing you to click a link - often containing malicious software that can harvest your contacts, passwords, credit card details, and other valuable data on your phone.
Vishing attacks are delivered via digital phone (VoIP). Commonly, these scams use automated voice messages to impersonate the IRS, banks, computer tech support, or even telemarketers selling extended auto warranties. Messages urge victims to call a toll-free number. When they do, automated menus ask customers to say or key in sensitive information in order to respond to an issue or take advantage of an offer.
With social engineering, criminals often combine psychological manipulation with techniques such as spear phishing (a hyper-targeted phishing email). Typically, criminals have more pieces of information about potential victims, which leads to schemes such as fraudulent work emails programmed to look as if they’ve come from your company’s leadership. Often, they’ll ask employees to log into a site, send sensitive information or complete a wire transfer to a phony supplier.
Everyone loves going on vacation, which is what makes travel such an attractive target for thieves. From online ads for “free cruises” (after you pay taxes, port charges or other fees) to fraudulent vacation rental listings, criminals often use the excitement of travel get you to pay now for benefits that never materialize. A different type of travel scam occurs when a person’s email or social media account is hacked, allowing criminals to send desperate-sounding messages soliciting wire transfers designed to make you think your friend or contact needs the money to get home from a foreign country.
Sources: Federal Trade Commission “Travel Scams,” Florida Department of Agriculture and Consumer Services “Travel Scams,” Washington State Office of Attorney General “Wire Transfer Scams”