Page 11 - Telecom Reseller JulAug 2016
P. 11
July/August 2016
Telecom Reseller 11
SJOUWERMAN
continued from page 3
techniques to many forms of communication Message Service (SMS), a telephone- based text or installation of malicious so ware. Hooks e text urgently instructs the victim to
because the underlying principles remain messaging service. A smishing text provides bait needn’t be clever or complex to be e ective. A download “necessary” security so ware.
constant, regardless of the medium: Lure victims that attempts to entice a victim into revealing person receives a text message that prompts an ● e victim receives and reads the text
with bait and then catch them with hooks. personal information; in this case, the hook
action.
message. e text message (bait) lures the victim
Although most phishing attacks happen over is usually a uniform resource locator (URL)
To gather information, the criminal might to bite on the hook.
computer networks, scammers are quick to target or a phone number. Attacks of this kind show use dial-tone interpreters to decipher dial pad ● e victim complies with the instructions
alternate channels. e same phishing principles scammers’ versatility in reaching out to ensnare input, or speech interpreters to analyze speech. in the text message. e victim dials the callback
apply whether an attack is via computer or by victims across di erent media.
e action the victim takes usually involves the number, installs the requested so ware, and is
phone.
installation of a Trojan program.
“hooked.” is attack could easily lead the victim
What Criminals Want from Victims
SELECTING THE BAIT
to reveal private data to an automated system.
ough phishing can happen in various
Bait texts create a false sense of urgency to A SMISHING EXAMPLE
Obvious attempts are easy to spot and avoid.
ways, the information that is stolen is typically encourage a victim to take action. Basic examples Let’s examine an example of a smishing attack: Bad grammar, poor spelling, unsolicited messages,
numeric. e most valuable information includes include unknown service charges, phony online ● e thief establishes a range of numbers
bogus URLs, forged emails, and shady get-rich-
the following:
purchases, cash prize winnings, and suspended to auto-dial. Even if only 1% of 1,000 people quick schemes are typical attempts.
● Credit card details
account reactivation.
respond, the thief stands to gain quite a lot. A well-cra ed text at the right time can fool
● Account numbers and personal ● e thief creates a link to download
almost anyone. Anxiety, stress, fear, anger—
identi cation numbers (PINs)
SETTING THE HOOK
ctitious security so ware. Once the hook is set, emotions that erode our ability to think clearly
● Social security numbers
A smishing hook tries to entrap victims through bait will lure the victims.
and judge correctly—are excellent triggers for a
● Passport numbers
solicitation and capture of sensitive information,
● e thief sends a text message to a victim.
scammer to exploit. ■
● User names and passwords
● Birthdays and anniversaries
Criminals use the data they harvest for identity
the and other forms of fraud. Knowing birth
dates and anniversaries can help them crack
passwords or challenge-response sequences
(questions) that sometimes serve as forms of
authentication.
HOW CRIMINALS LURE VICTIMS
e shing bait-and-hook analogy applies well
to phishing. Scammers lure victims by using bait
that targets speci c social, mental, or emotional
triggers. e phishing “lures” cybercriminals use
to bait victims can take many forms, including
the following:
● Account suspension: reatening to
suspend account access
● Billing veri cation: Requesting con rmation
of or updated billing information, which is
actually not needed
● Unauthorized sign-in: Warning that an The Sound Choice for Conferencing
account is locked because the number of attempts
to log in exceeded a threshold
● So ware downloads: O ering a free utility
that will x a computer problem
● Lottery prizes: O ering bogus winnings
with processing fees
HOW CRIMINALS PROFIT FROM
DATA THEFT
Phishing is rarely a one-act crime. Usually
it begins as a broader criminal strategy that
involves various illegal activities, including
stealing, selling, and otherwise misusing private
or con dential information. A criminal who Quality, natural sound enables
obtains social security numbers might obtain communication and collaboration with
credit in the victims’ names, buy goods online less effort in any meeting environment,
with that credit, and then sell those goods online that’s why our technology partners
or overseas. In the case of healthcare fraud, recommend us.
criminals may even sell stolen patient data to
organizations that in turn use the data to defraud Revolabs provides crystal-clear
Medicaid and Medicare.
audio conferencing solutions for
Criminals bene t from stolen information in uni ed communications, enterprise
the following ways:
collaboration, and professional audio
● Using stolen identities for monetary gain applications.
● Controlling the nancial accounts of others
● Purchasing products and services
Compatible with leading uni ed
● Submitting phony credit and loan
communications platforms including:
applications
● Pilfering funds, stocks, or securities
● Laundering ill-gotten money
● Stealing government bene ts, such as social
security checks and unemployment bene ts
In many cases, committing the crime is easier
than cleaning up the consequences. Criminals
need only a few pieces of vital information and
a little time to defraud entire groups of people at
once. Victims, both individuals and companies,
can spend years recovering from the damaging Visit revolabs.com/partners
e ects of crimes. It’s no wonder criminals see
phishing—and the variants we’re about to
discuss—as easy-entry, low-risk crimes that yield
high nancial returns.
SMISHING
Smishing is phishing conducted via Short
