Phishing comes in many forms, whether via email, telephone, or text, the point is to get you to hand over important information like usernames and passwords. It’s a form of social engineering that convinces people to provide data by manipulating their confidence.
Both Vishing and SMishing are on the rise. A call may come in from what appears to be your front desk, your bank, your credit card company, etc. They’ve Spoofed their outbound Caller ID so that you think the call is originating from a place that you trust. These tactics can be used on anyone but are also prevalent in Whale Phishing where the target is much higher profile. These attacks are much more effective because for years, folks have been focusing on emails, however, with VoIP’s rise and development the technology has been used to attack user’s confidence. This is the same tactic used with SMishing which is a text message from a number you’d trust, that prompts you to click a link which installs malware on your device.
How do you prevent Vishing and SMishing attacks? You can block the number from coming in right? Wrong. When someone from that actual number calls, and you need to take the call, it won’t get through. There’s no SPAM filtering for a voice platform. A best practice is to use your auto attendant to filter humans from bots. Dial by name directories will allow human traffic. The bots aren’t very sophisticated just yet so that along with the tips below will help fight against negative effects that stem from Vishing and Phishing. Hear more of what we have to say on voice services here.
- Don’t Publish Direct Line Telephone Number
Keep this for your business card. Security starts as an ideology. That said, your cell phone number should be held at a higher secrecy level than your direct line. After all, you can turn off your desk line after hours. If your phone number is published on your website it’s much more likely to get calls you don’t want. Using the power of Unified Communications effectively could really give you a lot of your day back.
- Use Your Auto-Attendant
Some say that its unfriendly or impersonal but today’s auto-attendant can be really innovative and cool. With music on hold choices, multiple message options, time of day settings, you can give folks a more personal feel by using your phone’s basic features to provide real time updates to humans while avoiding bots and unwanted callers. Need to know what your system is capable of? Learn more about voice equipment here.
Yes! At times it is best to use good ole human interaction as a line of defense. There are a ton of options with voicemail these days but this tip is for sticking to basics. Calls from unknown numbers should be sent to voicemail, this way when you check your voicemail you’ll know if it’s a call you need to take. Today’s business phone systems have voice transcription features that can text you the voicemail if you’re not immediately available to listen to the message.
Most SPAM filters will keep this content out of your inbox but some emails will leak through. The same will go for Vishing and Smishing scammers. Calls wil get through but your best bet is to use the steps above to reduce the issue. Recently we’ve seen Phishing attacks that appears as if it’s coming from Apple. They ask for users to sign in threatening that their Apple account will be locked within 24 hours. There are also the Vishing calls that claim to be the IRS with a threat of arrest if you don’t pay some fee. The sense of urgency is present in all Vishing and Phishing attacks we’ve seen. Never give out any account information and always pay attention. These are ever evolving social engineering hacks that are morphing with our changing behavior. Training all end-users on best practices and keeping them updated is certainly a best practice until someone comes up with a better idea. Think you have an idea or want to spend some time discussing how to better protect your business? Connect with the Ogre