Office1 Blog

Phishing, Vishing, and Pharming – What They Are and How to Avoid Them?

February 28, 2020 | by Sean Dawson

Phishing, Vishing, and Pharming - Oh My! In today’s world of increased productivity through advanced technology, one should expect that increased cyber-innovation has also led to increased cyber-threats. It’s the natural ebb and flow of growth. This means that vulnerable and sensitive information is being stalked by cyber criminals every day, and there is a medley of options for how to access it.

Using the same technology that aids us in our everyday lives, cyber criminals waste little time in preying on our naivety. The grasp of these perverse cyber criminals extends across all planes of business and home life, using shocking tactics such as phishing, pharming and vishing. In this article we’ll identify the differences between the methods, as well as the importance of preventing these cyber crimes so that you avoid becoming a victim.

 

Phishing

This form of “fishing” is sure to create headaches instead of alleviating them, as this way of “fishing” is not relaxing at all! Phishing is a type of cybercrime that attempts to lure individuals into providing their personal and financial information, which is then used to gain access to financial accounts or to steal someone’s identity. The majority of phishing scams are conducted via email. These emails generally provide a link to a website where the victim will be asked for personal information, financial information or account access credentials. Many phishing emails also contain attachments carrying viruses and ransomware.

 

Indicators of Phishing Emails

If it seems too good to be true then it more than likely is! This advice is as relevant today as it ever has been because there are numerous red flags that might indicate a phishing email. Phishing attempts will often convey a sense of urgency or demand. Whatever they are offering is only available for a short time. This tactic is an effort to get someone to act without taking the time to think about, or investigate, the offer in front of them. The sender uses fear as a tactic, stating that one of the victim’s accounts is about to be suspended if they don’t take immediate action. For many people, this is just enough to get them to act quickly to avoid certain consequences. 

In many cases, these emails will appear to be from a bank or credit card company. The perpetrators who engage in phishing scams can be pretty sharp. They can make their email, or the website they direct the user to, look very legitimate, but there are usually some small indications that they are fake. 

 

Avoiding Phishing Scams

Phishing scams can be more than just a headache. Undoing the financial damage and fixing your credit rating can take a long time and a lot of effort, so it is worth spending a little time up front to avoid falling victim in the first place. Here are a few ways someone can avoid a phishing scam:

 

  • Use Antivirus Software on Employee PCs – Antivirus software scans every file that comes through the Internet to your computer. It helps to prevent damage to your system.
  • Use business-specific antivirus software – Common antivirus software is great for private citizens, but there are also business-specific antivirus products that a system administrator can install and maintain, and that can help keep phishing emails out of your corporate email system.
  • Never open an attachment that arrives in an email from an unknown sender
  • Never click a link embedded in an unsolicited email
  • Check online accounts on a regular basis to ensure no fraudulent transactions have been made without your knowledge
  • Change passwords regularly 
  • Be Wary of Pop-Ups – These are difficult because many legitimate websites use them. If a pop-up simply contains text, it might be OK, but if it asks for information or contains links, don’t provide any information or click a link or button. Instead, close the pop-up by clicking the small “x” in the upper right corner of the window.
  • Never give out personal information over the Internet to anyone you don’t know. 
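The indicators and avoidance rules above can be turned into a simple mail-triage check. The following is an added example, not code from the original article: the phrase lists, the `known_senders` allow-list and the sample message are assumptions constructed for illustration, and the result is a set of hints for a human reviewer, not a verdict.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed phrase lists modelled on the urgency and fear tactics described above.
URGENCY = ("act now", "immediately", "limited time", "expires", "urgent")
THREAT = ("suspended", "locked", "closed", "terminated")
LINK_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def body_text(msg):
    """Concatenate the decoded text parts, skipping attachments."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_email, known_senders):
    """Return the names of the indicators found in one raw email message."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    text = body_text(msg)
    lower = text.lower()
    links = LINK_RE.findall(text)
    attachments = [p.get_filename() for p in msg.walk() if p.get_filename()]
    unknown = sender not in known_senders  # hypothetical allow-list of contacts
    checks = {
        "urgency": any(p in lower for p in URGENCY),
        "account-threat": any(p in lower for p in THREAT),
        "link-from-unknown-sender": unknown and bool(links),
        "attachment-from-unknown-sender": unknown and bool(attachments),
    }
    return [name for name, hit in checks.items() if hit]

# Constructed sample message (not real traffic); .invalid domains never resolve.
SAMPLE = (
    'From: "Account Services" <alerts@bank-example.invalid>\n'
    'Subject: Action required\nMIME-Version: 1.0\n'
    'Content-Type: multipart/mixed; boundary="B1"\n\n'
    '--B1\nContent-Type: text/plain; charset="utf-8"\n\n'
    'Your account will be suspended unless you act now.\n'
    'Verify here: http://login.bank-example.invalid/verify\n'
    '--B1\nContent-Type: application/octet-stream\n'
    'Content-Disposition: attachment; filename="statement.zip"\n'
    'Content-Transfer-Encoding: base64\n\nUEsDBA==\n--B1--\n'
)

if __name__ == "__main__":
    print(triage(SAMPLE, known_senders={"billing@example.com"}))
```

A message that trips several indicators at once, as the sample does, is the one to verify through a channel other than the email itself.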

 

Pharming

Pharming is similar to phishing, except pharming is a two-step process. First, malicious code is installed on the user’s computer or server by the cybercriminal. Then, the code redirects the browser to a corrupt website where the victim may be tricked into providing personal information. The frightening quality of pharming is that it doesn’t require the user to take action in order to end up at the fraudulent website. In the case of pharming, the redirection occurs automatically. Like phishing, the fraudulent website will prompt the user for personal information.

Signs of Pharming

Always be suspicious of websites with an unsecure connection. If the website URL begins with “http” instead of “https”, the website could be corrupt. Many general websites won’t have “https”, but any website that pertains to money, health records or other personal information should always have the “https” designation and a small lock icon next to the URL. 

 

Some websites just don’t appear genuine at first glance. The official website of a legitimate organization will look professional, have no spelling or grammar errors, and the layout and logos should be consistent with what you’re used to seeing. Cybercriminals rarely take the time to make their “fake” websites perfect. 

 

How To Protect Yourself Against Pharming:

  • Always run reputable antivirus and anti-malware security software. 
  • Enable two-factor authentication on sites that offer it
  • Change the default password on consumer-grade routers and wireless access points
  • In the business world, protecting against pharming requires a significant amount of employee training. Unlike phishing, pharming can attach itself to computers without the immediate knowledge of the user. Therefore, it is imperative that your system administrator is up-to-date with the latest methods of system breaches and how to stop them. It’s a huge task, but knowledge in the area of system security is a necessity and not a luxury.

 

Vishing

Vishing shares many characteristics with phishing, but instead of using email or fake websites, vishers use internet telephone service (VoIP) as their conduit. With vishing, the perpetrator impersonates a legitimate person or business entity to scam people. The word ‘vishing’ is a combination of ‘voice’ and ‘phishing’.

Vishers spoof legitimate phone numbers to fool people into believing the call is legitimate. If the victim answers the call, the visher will try to get them to provide personal information that allows the visher to access the victim’s financial accounts or steal their identity. If the call isn’t answered, the visher will leave an urgent-sounding message, hoping that the receiver of the call will panic, return their call, and give up their information. Sometimes vishing will consist of a prize offer. In order to collect the prize, some type of deposit or other fee will be required using the victim’s credit card. Some other scams are offers for incredible investment opportunities, requests for charities, or extended car and home warranties. 

 

Detecting a vishing situation is usually not very hard. The first indication is an unrecognizable phone number. Of course, there are often legitimate phone calls from unknown numbers. If you answer a phone call and the person on the other end of the phone isn’t clear about their reason for calling, or cannot answer your questions about the nature of the call, it’s most likely a scam. 

 

How To Avoid Becoming a Vishing Victim

Avoiding becoming a vishing victim is fairly effortless. Many people don’t answer, or simply block, calls from numbers they don’t recognize. Even if the caller leaves a message, vishing is still a possibility. A legitimate caller will usually leave a very clear voicemail with a reason for the call. Scammers, on the other hand, will intentionally sound muddy or garbled, but will emphasize phrases such as “lock your account”, and they provide a phone number.

 

If you don’t recognize the person leaving the message or the phone number they are asking you to call, don’t call. There are a number of websites that collect information on phone scams. You can often Google the phone number and if the call is indeed a scam, you may find that many others have received calls from the same number. Whatever you do, “never” provide information over the phone to someone who calls you first!

 

In Summary 

In the age of cyber crime, where unlawful acts can be carried out from the comfort of one's residence, it is paramount to understand the different methods of cyber crime and how to prevent them. Tactics for stealing valuable and crucial information are constantly evolving. Staying informed and up to date on the variety of cyber crimes is imperative to preventing them as well as to spreading awareness. With all the gadgets we use to make our lives more convenient, taking some time to ensure we know who we’re giving our information to will save a few headaches, and possibly a lot of money.

 
