Phishing, Smishing, and Vishing..Oh My!
Don’t Get Hooked..
Cyber criminals target individuals with more than emails now. Sophisticated attacks can take the form of emails, texts, and phone calls. Get familiar with these terms:
- Phishing: fraudulent e-mails and websites meant to steal data
- Vishing: fraudulent phone calls that induce you to reveal personal information.
- Smishing: fraudulent text messages meant to trick you into revealing data
How to Spot a Fraud
Sometimes it can be very hard to distinguish a phish, vish, or smish from a legitimate message. Be suspicious of any messages that have some of these characteristics:
- Unexpected: these will come from unknown senders with unexpected offers, information, or demands that seem out of place
- Disguised: hover over email link to see if they seem irregular or point you to a different site than what you’re expecting
- Seeking personal Information: be suspicious of unexpected or unknown sources demanding personal information, passwords or payments
- Urgency: be suspicious of messages that create a sense of urgency or fear
- Incorrect: fraudulent messages will often contain spelling, grammar and language errors because they may originate from bad actors abroad
What to Do:
If you get phished, be a cyber champion and let your mail provider know so they can enable blocks at the mail server so others don’t also receive it.
In your Georgetown mail, follow the steps to send the message headers (the bit with all the clues in it) to the cyber incident response team CIRT@georgetown.edu.
- Learn how to report phishes in your personal mail and social media accounts:
- GMail – reporting spam and phish
- Outlook – reporting spam and phish
- Social Media and other providers – recognizing and reporting phish
If you get vishing and smishing messages, the absolute best course of action is to IGNORE them. Never respond or interact with the senders or callers.
A legitimate company will always contact you through an official channel from an official and verifiable phone number. And you should ONLY call a number that you have looked up yourself. The “call back” numbers or websites in text messages are always going to lead back to a scammer.