SMISHING, Vishing and Phishing, Pharming

Phishing is a fraudulent attack in which an attacker sends an email, instant message, or text
message to the victim which is intended to steal user information like user ID, passwords,
bank account details, etc. Phishing is a method of cyberattack that attempts to trick victims
into clicking on fraudulent links in emails. The link typically takes the victim to a seemingly
legitimate form that asks them to type in their usernames, passwords, account numbers or
other private information. This information is then sent directly to scammers, and the victim
may be none the wiser.

For example, an email may state that your bank account has been locked and requests that
you click a link to regain access. In truth, that link will lead to a fraudulent form that simply
collects your information, such as your online banking username and password. The
scammers can then log in to your account and steal your money.

Smishing”, this word is constructed by combining two words that are SMS and Phishing.
Smishing is an attack targeted to mobile devices in which the attacker sends text messages
containing malicious links, phone numbers or E-Mail IDs to the victim and the attacker aims
to steal sensitive user data like bank account details, passwords, user credentials, credit card
details, etc through this message. Through this message, the attacker prompts the user to click
on the link or contact the phone number or E-mail ID provided in the SMS.
Various mobile smishing attacks

Smishing can be classified into three parts.

1) Smishing through a URL,:

In case of smishing through URL, the user gets redirected to a malicious website
when he/she clicks on the link provided in the website. This website will provide an
interface to the user to fill his/her credentials or banking details. User will be
prompted to fill this interface by offering some purchase points of interest or free
gifts.

2) smishing through E-Mail ID and

3) Smishing through a Phone Number.

 the user will be prompted to contact the attacker on the phone number or E-Mail ID
provided in the message. An attacker, in turn, will demand the personal or financial
details of the user and the user will provide his/her sensitive details to the smisher
misinterpreting the attacker as genuine.

Fraudulent calls or voicemails fall under the category of "vishing." Scammers call potential
victims, often using prerecorded robocalls, pretending to be a legitimate company to solicit
personal information from a victim.

Perhaps you get a call about your car's extended warranty. If you answer this call and get
connected to an alleged agent, you may be asked to provide information such as:

 First and last name

 Address

 Driver's license number

 Social Security number

 Credit card information

Some scammers may also record your voice and ask a question you're likely to answer with
"Yes." They can then use this recording to pretend to be you on the phone to authorize
charges or access your financial accounts

How to Prevent Phishing, Smishing and Vishing Attacks

To avoid becoming a victim of phishing, smishing or vishing, there are a few rules you can
follow. These can protect you directly from scams and reduce the likelihood you will be
targeted in the first place.

 Never click on links from someone you don't know. Go directly to the real website for
the organization the communication purports to be from and check to see if the
notification indicated in the email or text message is real.

 Never give out personal information to someone who contacts you out of the blue. If
they claim to represent a bank, government organization or company you already
 do business with, hang up and tell them you will call right back. Then go to the
official website of the organization and call them at their official phone number to
find out what's really going on.

 Don't answer calls or texts from numbers you don't recognize. Even if you answer
only intending to ask to be taken off the list, the scammers will note that you
interacted with the call. This will likely increase the number of calls you get from
scammers in general.

Best Policies to Phishing, Smishing and Vishing Attacks

Here, some of the best policies are discussed which could help in preventing the smishing
attacks on mobile devices.

1) Downloading Authorized Applications

Users should download applications from authorized stores like Apple's App Store and
Google's Play Store. It is recommended that users should not download an app by clicking on
the link provided in the message until and unless it is re-directing to an authorized app store.

2) Directly Accessing Website

Users are recommended to type the URL in the browser's address bar to access a website
instead of clicking on the link provided in the message.

User Training
User training should be provided by showing warnings and providing user policies to educate
the user against clicking on unknown links present in the text messages.

4) Using Safe Browsers

To ensure protection from malware and phishing sites, users should use only safe browsers
like Chrome and Internet Explorer which has security features embedded in it.

5) Using Bookmarks
Typing errors while typing URLs could make users land on unwanted pages. Since phishers
make use of these typing errors to create their phishing URL, users might land on phishing
websites. Hence, using bookmarks is a solution to avoid typing errors.
6) More Security by App Stores
App stores should take inevitable steps to ensure the legitimacy of the applications uploaded
in their store. Some security policies should be enforced for letting the developers upload
their apps in the store.

Reporting of Cyber Crimes

https://www.cybercrime.gov.in/