Cyber villains are continuing to evolve their strategies. Here’s what you should be doing to help maintain your defenses.
Summer may be almost over. But while some of us have been relaxing, spammers and hackers have been hard at work devising new ways to trick us into sharing personal data that could be highly damaging—both personally and financially.
By now, most of us have become familiar with how to spot phishing emails and avoid them. In response, the bad guys have gotten more sophisticated and moved on to different forms of attacks. I’ll describe three of these—and how to defend yourself against them—in this post.
Smishing moves into text territory
“SMiShing” attacks are becoming increasingly prevalent. Smishing, or SMS phishing, is an attempt to get you to respond to requests via text messages on your mobile phone. The goal is to infect your phone with malicious programs. This might take the form of a message something like this: “We’re confirming your subscription. Please go to www.phonywebsite.com if you did not subscribe.” The idea is to get you to click on a link by creating a sense of urgency. You should never respond to messages if you’re unsure of the sender.
Unfortunately, there is no way to block smishing messages. Your key defense is to remain educated and vigilant. If you are unsure of the sender, it’s always best to do a web search for the phone number the message is sent from. You can also try doing a search on the message’s content to see if that can identify a possible scam.
If you’re an iPhone user, there are newer features available to help protect you. You can choose to filter messages from Unknown Senders, as well as actively block messages and calls from numbers that you do not trust. These features can be found under Settings (Phone or Messages) in the iPhone. Keep in mind that if you want to block a specific number, you will need to add it to that section of your Phone or Messages Settings.
There are a number of apps available in the App Store that will identify possible spam callers with the notification “Possible Spam” or “Suspected Spam.” If you’re interested in trying one, please research any of these third-party apps before installing one on your phone. Your cell phone carrier also likely offers a similar service—but for a monthly fee. Verizon, AT&T and T-Mobile, to name a few, offer services designed to identify and block scam and telemarketing calls. The quality of each carrier’s service varies and none are 100% effective, which is why it’s still important to remain on the lookout.
If you have unknowingly downloaded malicious apps or programs on your phone, there are some telltale signs that may tip you off. The most obvious is that you may see unexpected pop-up messages in your smartphone’s web browser. A less obvious but also important sign is your phone seeming sluggish, or unexpectedly slowing down, due to the invader’s memory usage. Another sign could be your phone heating up noticeably, due to lots of processes running simultaneously.
Also making the rounds: vishing and sextortion
Similar to smishing, “vishing” is a method in which hackers use phone calls and social engineering to try to get you to disclose sensitive information. This may take the form of a voicemail from a number you don’t recognize, asking you to call someone posing as a customer service agent at a well-known company you may have an account with. The hackers will try to get you to disclose information they can use to gain access to important accounts you have elsewhere. As with smishing messages, it’s best to verify that the number they’re calling from is valid.
Another major scheme currently doing the rounds is a sophisticated sextortion scam. Essentially, it entails hackers sending emails with claims that they have proof that the recipient has been visiting pornographic websites. They may state they have video recordings that they’ll send to all their target’s contacts unless the scammers are paid ransom in Bitcoin. This scam is not new. What is noteworthy is that the scammers are now showing recipients their old passwords in the emails to convince them of the legitimacy of the threat.
Because so many websites have been hacked over the last several years and their data has been leaked, there is now a high probability that malicious actors have obtained passwords belonging to a great many people. And because people tend to recycle passwords, hackers may also have the passwords those people use on other websites, if they haven’t changed them in the last several years.
Because of this, the sextortion scams have been reasonably successful at scaring people into paying Bitcoin ransom money when they are shown that the hackers have their current or old password.
Password power
This highlights the importance of keeping your account passwords up to date, unique, and complex across the web. A password manager like LastPass, Dashlane, or 1Password can be very important in helping you keep passwords up to date, as well as in generating random and complex passcodes when you create new accounts. We also strongly recommend that you use multi-factor authentication wherever possible.
To sum up: Always remember to be wary if any type of request you see on your smartphone looks abnormal and is not from a trusted source. Hackers continue to get more sophisticated—and needless to say, there’s a lot at stake if they gain access to your personal data.
For more information or questions, please contact Halbert Hargrove at hhteam@halberthargrove.com.