The rise of smishing and vishing
In recent years, more and more people have fallen prey to smishing and vishing. Why is this the case, how do smishers and vishers operate, and how did three blind vishers fool the Israeli army? All will be revealed in this blog post.
What is vishing and smishing?
There are different types of phishing: vishing, smishing, whaling... It's not just the ordinary phishing emails that can be dangerous. But how does smishing work? Usually, you will get a text including a smishing link that leads you to a website with a download link for an app that in reality contains malware or ransomware. An example of vishing are the well-known phone calls from so-called Microsoft help desk employees who urgently need your password to fix "a problem". Just like phishers, smishers and vishers use social engineering to play on the victim's feelings. In addition, advanced vishing tools like spoofing allow hackers to choose which phone number or name appears on the screen of the person they are trying to vish. Therefore, it is becoming increasingly difficult to recognize vishing and smishing.
Just like phishers, smishers and vishers use social engineering to play on the victim's feelings.
The term smishing (meaning “SMS-phishing”) originated as early as 2006, but it is only in recent years that the number of cases of smishing and vishing has skyrocketed. A study from the FBI Internet Crime Complaint Center shows that in mid-2020, smishing increased by 328% compared to the beginning of 2020. Vishing fraud only accounted for 2.7% of all cell phone calls in 2017, while in 2018 that already rose to nearly 30% and even increased by 44% at the beginning of the corona pandemic.
But why have these numbers increased in recent years? Firstly, almost everyone has a cell phone now, so the number of potential victims is higher anyway. The emergence of all kinds of services that keep you informed via a text message also makes it extra easy for smishers to abuse them. And, of course, the corona pandemic is part of the problem. False text messages to get your vaccine, call centres that sell the "miracle" drug against COVID-19, a warning from a high-risk contact... you name it.
Next-level vishing: the Badir Brothers
If you're thinking, "I’ll recognize a fake phone call like that from a mile away", then you don't know the Badir Brothers. The three blind brothers Muzher, Shadde and Ramy Badir from Tel Aviv earned more than $2 million between 1993 and 1999 with phishing and vishing attacks. Their supersensitive hearing allowed them to effortlessly imitate any voice including characteristic traits. On the phone, the brothers turned into real 007s; they seduced women and filched secret information from Israeli army security officers. They asked their prey to log in, and by listening to which keys were pressed, they could find out passwords and telephone numbers. Once they gained access to the phone system, the Badirs made sure the phone lines stayed open and the money was transferred into their own bank accounts.
Great danger, greater caution
Even if you are careful, anyone can fall victim to smishing or vishing. The emergence of smishing and vishing attacks and their increasingly sophisticated nature pose a growing danger. That is why more caution is needed. Here are a few tips:
1. Banks or other authorities never ask for your details by text message or telephone.
2. Check the web address you were sent to: is it a known domain name? Does the link start with https?
3. Still fell for it? Contact Card Stop immediately.
4. Of course, prevention is better than cure. Thorough training in the area of phishing is indispensable. On our blog, you will find numerous articles filled with tips and tricks on how to protect yourself. Our Phished Academy goes one step further and will make you and your employees the safest and most aware phone users around in no time.