Smishing and Vishing and Phishing, Oh My!
The holiday season is upon us. And while most of us are preparing to celebrate with family and friends, cybercriminals are taking advantage of system vulnerabilities for scamming. The top threat for businesses this time of year is phishing attacks.
Most businesses have a framework in place to protect their network and data from email phishing. But did you know that “phishing” applies to more than just email attacks? Since 96% of phishing attacks arrive via email, the term “phishing” is sometimes used to refer exclusively to email-based attacks. But it’s important to guard against threats arising from other means of communication too, including smishing, vishing, and social media phishing.
What Is Smishing?
Smishing, or SMS phishing is phishing via SMS text message. The victim of a smishing attack receives a text message, supposedly from a trusted source, that aims to solicit their personal information or download malware on to the victim’s device.
What Is Vishing?
Vishing, or voice phishing is phishing via phone call. Vishing scams commonly use Voice over IP (VoIP) technology. Usually, cybercriminals pose as an employee of a legitimate company and attempts to obtain financial or personal information from the victim.
What Is Social Media Phishing?
Since so many legitimate businesses use social media to deliver promotional offers and keep customers informed, it makes social media an attractive platform for threat actors to execute phishing attacks. Hackers use social media messaging or malicious links to gain login credentials, credit card information, and personal information from victims that can then be used to launch other scams and attacks.
[Related: Protect your organization with our Data Breach Checklist]
Why Am I More Vulnerable During the Holidays?
During the holidays, humans tend to fall under the spell of what behavioral scientists call holiday euphoria—that festive feeling that can induce impulsive behavior and exacerbate the all-too-human desire for instant gratification.
This impulsive euphoria, coupled with current supply chain fears, means that people are more likely to click malicious links or documents, visit unproven sites, or otherwise inadvertently expose valuable data in the effort to get a better deal or finish up a task.
What Can I Do to Protect Myself and My Company?
Security awareness training is a must for businesses. But keeping track of the latest threats and training your employees on how to stay safe can feel like an impossible task given the breakneck speed at which the cyber threat landscape keeps evolving.
The challenges of creating and running an awareness program vary depending on the number of employees—Corsica Technologies is here to help. Our solution offers a fully integrated platform for awareness training combined with simulated phishing attacks to measure program efficacy.
