Be prepared for Phishing, Vishing and Smishing attacks!
Yesterday I responded to yet another call for help where my customer had taken a call from what they believed to be their broadband provider. Unfortunately, it was a scam or a ‘vishing’ attack and I thought it would be useful to recount the story highlighting the warning signs.
As with a lot of scams, the call began with establishing a known fact. In this case it was the name of the customer’s broadband supplier, i.e. BT or TalkTalk or Virgin etc. (It may surprise you how easy this is to find out – just do an online search for what services are available for your phone number and postcode and you will see the name of your currently assigned provider.) Next, the caller suggested there might be a problem on the line and asked whether the owner could try some tests. These, of course, were designed to prove positive and lead to the next action, which was to enter commands that give the caller remote access. This is where the real danger starts.
My customer was at this stage getting deeply suspicious and thankfully terminated the call but sadly not before the scammer had uploaded some malware which no doubt would have resulted in more serious hacking in due course.
Apart from the cost of getting their PC deep-cleaned, it was apparent just how traumatic and stressful this episode was for my customer. So please allow me to suggest some strategies that help prevent such attacks.
- Don’t take unexpected calls or messages at face value. Be distrustful – ask for identity evidence and take your time. It is highly unlikely that a computer or broadband fault is urgent (believe me, if it is your problem, most real providers take days to respond), so ask for a case number and arrange to call them back later on a published phone number.
- It is important to build in this delay as it gives you time to think about what you are being asked and also time for the line to clear before making an outgoing call.
- If alarm bells are ringing in your head, kill the call. It’s better to be rude than get scammed.
- Remember your ‘ABC’s:
  - A=Anti-virus/Anti-malware software. Use a paid one as they are much better than the free ones.
  - B=Backups. Do these on a schedule and do different types, i.e. USB memory stick, external HDD, cloud etc. (Note: backups should be kept disconnected from your PC apart from when you are making them.)
  - C=Current. Keep your PC or laptop up to date. Most vulnerabilities are in older versions of Windows and software apps. As these are identified, updates are developed on an ongoing basis to close them off so that hackers can’t exploit them.
- Use multiple strong (i.e. long) passwords and don’t share them. This is probably the hardest thing to adopt as it is such a pain! I recommend using a password vault program like ‘True Key’ from McAfee or similar. Here you only need to remember one ‘master’ password and let the program generate and store multiple strong passwords for all your secure websites. Tip for the master password – string three random words together and make up a story that connects them, e.g. SportsResultJaguar – ‘The result was that Jaguar won the motorsports challenge’.
- Make sure your family and colleagues are also aware of computer risks. Talk about it and remind them to be careful.
Finally, if you think you have been scammed, or even had an attempted scam, report it to Action Fraud on 0300 1234050. If your machine has been infected or is misbehaving, call PC-FIXED on 07443 032886.
PS Phishing is where you get an email with a malicious link, Vishing is where you get a call and someone talks you into following a malicious link and Smishing is the same as Phishing but by SMS message.
Feel free to share this post and/or comment!