Phishing, Vishing, & SMiShing Attacks
What is Phishing?Phishing are fraudulent electronic communications (emails, text messages, or instant messages) that appear to come from legitimate businesses to entice you to provide personal information. The fraudster then uses your information to commit identity theft or lure you to further engage in scams. The emails often look like they are coming from a company you know or trust, such as your bank, your insurance company, your Internet provider. However, upon closer inspection, the emails frequently contain typos or minor changes in the sender’s email address. They might also contain attachments that, when opened, install malware (malicious software) on your computer. Malware may be used to steal more personal information. For example, some forms of malware, such as spyware, may track without you knowing the keys that you type and steal your passcodes.
Additionally, phishing emails often contain links to fake websites intended to look like the legitimate companies you do business with, like your bank or brokerage firm. Just as with the malicious attachments, these look-alike websites may also install malware on your computer or steal your password information. Remember, never reply to or click on a link in an unsolicited email asking for personal information, such as your credit card, bank account information, or Social Security number.
Avoid opening or clicking on emails, attachments or links that are requesting information. When in doubt, delete the message and call the organization the email supposedly came from to alert them.
Phishing may also be called spoofing as the fraudster masquerades itself as a user, website or email to gain access to your information. The instances described above are both website spoofing and email spoofing. The fraudster is hoping that the reader will not notice the differences (such as minor misspellings) between the fraudulent and the legitimate sites and emails, and will open them potentially downloading malicious attachments or divulging information.
For some general tips that may help you spot phishing emails, please click here. For more information on spyware, a type of malware, please click here.
What Is Vishing?Unlike email phishing attacks (where the goal is to get you to point your web browser to a fraudulent site by clicking on a bad link), vishing (or voice phishing) is a technique of social engineering that employs a combination of text messages, phone recordings, and email to persuade customers to dial a telephone number or respond to a telephone call for the ultimate purpose of obtaining financial gain.
Fraudsters tell customers to contact their bank at a fraudulent telephone number, which is provided in an email, a text message, or by a recording using Voice over Internet Protocol (VoIP) technology. During the call, targets are asked to provide their card number and other personal or banking account information.
What is SMiShing?SMiShing is essentially the text message version of phishing. It is a social engineering attack that employs text messages (SMS) to incite the target to divulge private, sensitive or confidential information. The SMS may have a link requiring the target to input information; it may have a link that when clicked on downloads malicious software to the mobile phone; or the text may have a malicious attachment itself.
Since fraudsters constantly vary their scams, it is important to beware of text messages, emails, and telephone calls or recordings requesting confidential data.
Remember, Union Bank does not request personal account information by text message, email, or automated phone call. Do not respond to any unsolicited texts, emails, pop-ups, or links that ask for personal information of any kind. For additional Union Bank Fraud Prevention resources or to report suspicious activity on your accounts please visit our page on Fraud Education and Awareness