Phishing, vishing and smishing are just a few of the online scams cybercriminals use to steal private data but this can be avoided through information and preventative action.
Phishing is probably the method cybercriminals use the most. It involves sending fraudulent emails sending customers to a fake website that looks like their bank’s.
This may also occur in Facebook with fake fan pages that post fraudulent content and request confidential information from users.
Phishing cybercriminals frequently use fake campaigns to update customer data, or ask customers to sign up for a sweepstakes that the bank is supposedly holding.
Fraudulent websites request information like IDs, online banking passwords, credit card numbers, and even the security code, with which they can make online purchases unbeknownst to the customer.
Vishing is a term that comes from the combination of two words: voice and phishing. It refers to the type of threat that involves a fraudulent phone call using information previously obtained online.
This method consists of two steps. First, the cybercriminal steals confidential information by email or on a fraudulent website (phishing), but needs the SMS password or digital token to carry out and validate an operation.
This is when the second step takes place. The cybercriminal calls the customer on the phone, claiming to work for the bank. Using particularly alarming messages the cybercriminal tries to get the customer to reveal the SMS password or digital token needed to authorize transactions.
Smishing is a cybercriminals try to trick customers through messages on WhatsApp or text messages (SMS).
This threat takes place when the customer receives a text message supposedly from their bank saying that a suspicious purchase was made with his or her credit card.
The text message asks the customer to contact their bank, and gives a fake phone number. The customer then returns the call and that’s when the cybercriminal, pretending to be the bank, requests confidential information to cancel the purchase.
Sometimes the message also includes a link to a fraudulent website to request sensitive information.
The solution to smishing is to never pay attention to messages requesting data, a phone call or an operation.