PSA: Vishing & smishing.

[imwjl]

Vishing & smishing are using phone calls and SMS (text) messages to spoof and breach your security.

It is important to know this because you can receive an attack where a very sophisticated and teamwork group will try and trick you as a bank and payment service. In the workplace and home too, a fake tech support call can occur.

Make sure you verify phone numbers. Use your bank's and payment services legitimate apps. If a fake support call and especially in the work place verify against an incident or ticket number.

This comes to mind because I read it was how a major breach in the news started, and not long ago I was targeted. Even with knowledge from my work I was pretty impressed with the amount of teamwork and sophistication in the attempt.

Of course don't forget other basics such as spoofing in email and to always read the actual inks before you click on search results. If you own a business make sure you train, document and be sincere with your PCI DSS compliance. Choose security products that use the TALOS database applies to business and individuals.

[Talk2Me]

The weakest point in any security system are the people. "Social engineering" my hacker friend used to cal lit. Apparently that worked very well recently in Vegas...just not for the casino(s) involved.

[Chipotle]

A good way to keep yourself safe... never go through the link or phone number you are provided in the email or sms, unless it is something you are expecting (like a password reset or security code). Always reach back to the company with your own verified link or phone number, from your bookmarks/contacts or a legit search.

[seannx]

That happened to one of my sons recently. He got several calls and didn’t answer them, and messages were left saying it was from BofA wanting to verify account information and protect him from fraud.

He checked the number, and it was the same as the one BofA texts with security verification codes had been sent from in the past. So he answered the next time they called. They were very sophisticated, and had his credit card numbers and account numbers along with current balances.

Then they said he would be getting an authorization code by text to pass along to them. One came from the same number they had been calling him on, which was the same one he had gotten legitimate texts from BofA in the past. Even though he hadn’t given them his username and password, they were able to use the code and change them.

He discovered this after he had supplied a good amount of personal information (SS #, address, credit card cvc codes, etc.) They kept pushing him for more info to the point he got suspicious, and asked why they needed additional details. The guy couldn’t give him a good answer, and my son hung up. Next he went to sign in to his account online, and discovered he was locked out.

He immediately went to the local branch, where they helped him close all of his accounts, open new ones, and create a new user name and password. Thankfully no money had been taken out of his accounts.

So as a PSA, no matter how legitimate phone, text or email contacts appear, don’t reply. Instead sign in online or contact the bank directly.

[Gitfiddlemann]

Quote:

Originally Posted by seannx

So as a PSA, no matter how legitimate phone, text or email contacts appear, don’t reply. Instead sign in online or contact the bank directly.

Excellent advice.
Don't reply. Don't call back. Don't touch or click on anything that's within the message.
Also, many if not all reputable financial institutions, like banks and CC companies, and also Social Security and Medicare governmental offices, go out of their way to remind account holders that they will NEVER contact you by phone, text or email to "verify" anything.
These are always scams.