The current COVID-19 scare has more people working from home than ever before and has put a much stronger reliance on bring your own device (BYOD) as well. So, with more people relying on their phone for work-related activities, it’s no surprise that more cybercriminals are taking advantage of potential new vulnerabilities. Specifically, new vishing and smishing scams are on the rise.
In this article we cover:
What Is VISHING and SMISHING?
Vishing is short for “voice phishing” and smishing is short for “SMS phishing” and are both variations of phishing attacks that target mobile phone users specifically. Email-based phishing attacks originated back in the early 1990’s and employed a technique of social engineering to deceive a user into giving up identity information such as usernames, passwords and credit card details which could then be used to impersonate or defraud that person. Despite efforts to combat these attacks, billions of dollars have been lost to cybercriminals through these scams in the last 30 years.
Vishing attacks are conducted by phone and often leverage the power of Voice over IP (VoIP) services. According to a CSOonline.com article titled “Smishing and vishing: How these cyber attacks work and how to prevent them”:
“It’s easy to for scammers to fake caller ID, so they can appear to be calling from a local area code or even from an organization you know. If you don’t pick up, then they’ll leave a voicemail message asking you to call back. Sometimes these kinds of scams will employ an answering service or even a call center that’s unaware of the crime being perpetrated.
Once again, the aim is to get credit card details, birthdates, account sign-ins, or sometimes just to harvest phone numbers from your contacts. If you respond and call back, there may be an automated message prompting you to hand over data and many people won’t question this, because they accept automated phone systems as part of daily life now.”
Smishing attacks are similar to vishing, only use a SMS message to entice the mobile phone owner to click a link or download an app that is usually some form of malware.
COVID-19 Phone Scams
As you can imagine, one of the biggest challenges COVID-19 is opening up is all of the new phone scams to trick consumers and BYOD employees out of money or personal confidential information like credit card numbers, social security numbers and even usernames and passwords. Here are 4 scams you should look out for:
- Testing scam(s): Prey on a specific condition like diabetes to offer a bogus testing kit.
Here is an example:
“If you are diabetic and using insulin. We can qualify you to get a free diabetic monitor and a complementary testing kit for Corona virus. To learn more please press one otherwise please press two.
- Student loan scam(s): Preys on student loan targets but really seems like a debt reduction company doing shady practices.
Here is an example:
“Hello this is Brett PJ sick(?) with an important message regarding the effects of the Corona virus outbreak on your student loans as you may have already heard the president shopping-vouchers(?) power as commander in chief by requiring a national emergency due to the widespread impact private(?) 19 new measures will include the interest on your Federal Student Loans until further notice during this time our office has continued to maintain full staffing levels and will continue to do so until further notice. For more information on how these new measures will impact your future payment obligations. Call us back today at 855-264-4711 before 6:00 PM Pacific Standard Time. Thanks and have a great day.”
- Amazon Work From Home (WFH) scam: Preys on consumers who recently lost their job or looking for supplemental income.
Here is an example:
“Hello this is a courtesy invitation to work with Amazon from home and make up to $400 a day. Open enrollment has begun for the Amazon associate program. The program allows you to partner with Amazon and share in their success. As a referral partner. Everyone over 18 qualifies. No sales or technical experience or needed work from home you set your own schedule. To learn more about partnering with Amazon called the Amazon hotline at 360-203-1731. Spaces are limited so please call now 360-203-1731 that’s 360-203-1731. Thank you.”
- HVAC Scam: Preys on fears of an airborne virus to offer unneeded services.Here is an example:
“Recommend sanitizing your docs and air filters to protect your loved ones from the Corona virus. For only $159 our highly trained technicians will do a full air duck cleaning and sanitation to make sure the air you brief(?) is free of bacteria. So, don’t hesitate. Press zero and have your duck system cleaned and sanitize now. Press nine to be removed from this list”.
Avoiding COVID-19 Scams Is Easier Than You Think
Bottomline, you can avoid COVID-19 vishing and smishing in the first place with an app that blocks robocalls as well as scammers and spammers, and it is easier than you think to get started. In fact, it’s free and you can get started today in less than 5 minutes. You shouldn’t have to pay for services like blocking spammers. You also shouldn’t be stuck with the limitations your phone carrier imposes on you.