Smishing and Vishing 

As our digital interactions evolve, we also need to evolve our Scam Radar. You may have heard of phishing, a method of trying to gather personal information using deceptive e-mails and websites. As scammers aim to manipulate people into handing over sensitive data, phishing attacks are expanding into new channels and growing even more sophisticated. 

Have you heard of smishing or vishing scams? Smishing and vishing are types of attacks that try to lure victims via SMS message and voice calls. The aim of the scams is to get credit card details, birthdates, account sign-ins, or sometimes just to harvest phone numbers from your contacts 

Smishing (SMS phishing) is a type of phishing attack conducted using SMS (Short Message Services) on cell phones. Just like email phishing scams, smishing messages typically include a threat or enticement to click a link or call a number and hand over sensitive information. Sometimes they might suggest you install some security software, which turns out to be malware. 

 A typical smishing text message might say something like, “Your XYZ Bank account has been suspended. To unlock your account, tap here: https://bit.lsecure, and the link provided will download malware onto your phone. Scammers are also adept at adjusting to the medium they’re using, so you might get a text message that says, “Is this really a pic of you? https://bit.lsecure”. If you tap that link to find out, once again you are downloading malware. 

Vishing (voice phishing) is a type of phishing attack that is conducted by phone and often targets users of Voice over IP (VoIP) services like Skype. 

It’s easy for scammers to fake caller ID, so they can appear to be calling from a local area code or even from an organization you know. If you do not pick up, then they will leave a voicemail message asking you to call back. Sometimes these kinds of scams will employ an answering service or even a call center that is unaware of the crime being perpetrated. 

In the latest of these scams, the fake caller ID appears as Maryland State Police and shows the actual phone number of a police barracks. The caller will claim that your identity has been stolen or that you are the subject of a criminal investigation. The Maryland State Police say they would never solicit personal information over the phone.  Anyone who gets a phone call like this should hang up and contact their local state police barrack. The contact information for all the Maryland barracks can be found at  https://mdsp.maryland.gov/Organization/Pages/FieldOperationsBureau/allbarracks.aspx 

Old fashioned common sense, skepticism, and vigilance should be an individual’s first line of defense against online or phone fraud. It may sound harsh but trusting no one is a good place to start. Never tap or click links in messages, always look up numbers and website addresses independently and input them yourself. Don’t give any information to a caller unless you are certain they are legitimate – you can always call them back. 

It is better to be safe than sorry, so always err on the side of caution. Legitimate organizations should not rebuke you for hanging up and then calling them directly (having looked up the number yourself) to ensure they really are who they say they are. Always remember if it sounds too good to be true…it probably is.