Skip to content

Phone Phishing: When the cyberthreat goes….mobile!

Oct 1, 2021

Blog Security

Fiendish phone phishers are upping their game by using friendly numbers…and more…

Here’s what you need to know about phone phishing!

If we weren’t heavily reliant on our phones before COVID-19, we certainly are now! For the vast majority of us during lockdown, our phones have gone from always on communication and social media tool to our always-in-hand central point of contact with the outside world

  • Order groceries – tick
  • Let the kids keep in touch with the grandparents during lockdown – tick
  • Do remote meetings whilst multi-tasking during work from home – tick
  • Check the daily case numbers and watch the pressers – tick
  • Access key telehealth services – tick
  • Attend parent teacher interviews – tick
  • Virtual drinks with the team – tick

What you may not have realised though is that over this same time, the sophistication of phone phishing and text related scams has also skyrocketed!

How prevalent is phone phishing and how likely are we to fall for them?

Pretty likely it seems.

Makes sense, right? We’re busy, distracted, overwhelmed, and in need of services delivered remotely – all of which make rich picking fields for scammers. Whereas previously phone scammers might have focused on preying on people (particularly the elderly) with phone, internet or computer service scams, malicious actors have broadened their skill set to now routinely masquerading as your bank, government agencies or service providers, investment advisors, trusted business names and numbers you may know, trust and use, even phone numbers you know, trust and already have in our contacts (including sometimes your very own number!)

According to the Australian Competition & Consumer Commission’s annual Target Scams report, most recently released in June 2021,

Phone continues to be the most common way scammers target victims and the most successful in terms of the amount of financial loss. Both reports and losses to scams conducted over the phone increased by 48% compared to 2019. Losses to phone-based scams increased to just over $48 million.

Phone, email and text messages were the top 3 ways scammers made contact with people in 2020. Phone based scam reports made to Scamwatch peaked in October 2020 with about 17,000 reports that month.

The upshot? Combined phone and text messaging scams during 2020 represented 63% of scams broken down by contact method, with over $51 million of reported losses.

What are the key phone-related threats?

As with all cyber threats, the landscape continues to evolve all the time as the bad guys find ever more inventive and sophisticated ways to exploit our human needs and vulnerabilities.

But currently, phone related scams are falling mostly into one of three key threat categories. Here’s what they are:

Vishing – “Voice Phishing”

  • Scammers use phone or voicemail to pose as bank, service or other staff
  • Aim is to get people to provide their credentials to a “trusted” caller or to take action over the phone

Smishing – “SMS Phishing”

  • Scammers send text messages prompting you to make payments or click on specific links
  • Aim is to harvest credentials, elicit payments or embed malware on the device.

Spoofing – “Trusted Caller”

  • Scammers use real phone numbers, maybe even yours, to scam others
  • Aim is to use a local number / caller ID that you are likely to trust, and therefore answer

…And here’s what you can do to:

 

Vanquish the Vish

  • Hang up – Block the number if you can
  • Never take any action over the phone
  • Never provide any personal information over the phone
  • If unsure, call the organisation to verify and confirm

Squish the Smish

  • Be on the lookout for tell-tale fakes – strange links, unusual domain names, spelling mistakes etc.
  • Do not click on any links in SMSs to take action
  • Do not enter any credentials via SMS links
  • If unsure, call the organisation to verify and confirm

Stamp out the Spoof

  • Report to your Telco provider asap
  • Turn on ‘Silence Unknown Callers’ on iOS Devices*
  • Turn onSpam and Call Screen’ on Android devices*
  • Avoid giving out your phone number, especially online, wherever possible

*Seek technical guidance from your Managed IT Services or Mobile Device Management Provider first for changes to corporate or managed devices.

So, stay alert, take action and avoid becoming one of the scam statistics.

Better yet, share your newfound knowledge – You can download our Threat Guide  When the CyberThreat Goes Mobile right here

Need to talk more about IT security or mobile device security? Give Maxsum a call now on 1300 629 786 or Contact us here to book in a chat!