Communication Security


In 2013, tech giants Google and Facebook fell for a phishing scheme that would last for two years and cost them a combined 100 million dollars. Amazingly, this massive heist was the work of a single criminal operating out of Lithuania, a man named Evaldas Rimasauskas.

Phishing is the act of impersonating a reputable company or organization through email in order to obtain the personal information and data of the email receiver. In this case, Rimasauskas pretended to be a representative from the electronics manufacturer Quanta Computer, whose clients include a multitude of Silicon Valley giants.

The emails from Rimasauskas to Google and Facebook included documents with forged Quanta invoices, addresses, signatures, and corporate stamps. It would be two years before Facebook and Google discovered they had been paying forged invoices, by which point they had lost over 100 million dollars to a phishing scheme.

Phishing attacks are extremely common and even the most tech-savvy corporations fall victim to attacks of this nature. Just as our methods of digital communication expand from email to include SMS text messages and social media, phishing attacks have expanded to include SMiShing and hacked Facebook accounts. 

Did you know... 

In November of 2018, OU IT Security blocked over 91,000 targeted email attacks to University account holders.

How can you protect yourself?

Common tactics of phishers 

  • Phishing schemes rely on the fears or hopes of their victims:
    • Some phishing emails create a sense of urgency so the email receiver feels rushed and is less likely to question the legitimacy of the email. This is done when a cybercriminal poses as an institution that the victim trusts - like their bank - and tells them to follow a link to "update" or enter their personal account information to prevent their account from being suspended. 
    • Other phishing emails will trick their victims into believing they have won a prize, lottery, or have inherited a fortune from a long-lost relative. Just remember that if something seems too good to be true, it probably is. 
    • One red flag of phishing attempts is the use of external links. Most institutions won't ask you to click on a link in an email or text message to change account settings but will direct you to their website to navigate your account.
    • Other red flags of phishing attempts include the use of improper grammar, little or no contact information for the "official" sender, and a lack of official email letterheads.

Phishing isn’t just for email anymore

Fishing for personal information is not exclusive to email communication but has extended to include text messages, phone calls, and even social media.

Phishing with SMS messages or SMiShing 

  • SMiShing is the use of text messages to trick an individual into giving up personal information.
    • Some examples of SMiShing:
      • Your cell phone provider sends a text saying you need to update some account information by clicking on a provided link.
      • You receive an unexpected text letting you know you have won something and need to follow a link to claim your prize.
      • A strange number sends you a text saying they have your pictures from WhatsApp or another private messaging application and instructs you to follow a provided link in order to retrieve them.
  • Most instances of SMiShing will prompt you to log into a portal that looks identical to the official website you believe you are visiting. The hacker can then steal the login credentials and personal or financial information you entered on the fake website. The SMiSher may also choose to install a virus on your device. 

Phishing with Phone Calls aka Voice Phishing or Vishing

  • Vishing is the use of phone calls to trick an individual into giving up personal information. 
    • Some examples of Vishing:
      • A representative from your credit card company calls to let you know you're behind on payments or that there has been unusual activity on your account.
      • An employee from Apple calls to alert you that your MacBook has a virus or your iCloud account has been hacked.
      • An IRS agent calls to say you owe the government money and that if you do not make a payment this instant you will be arrested.
  • Ironically, some vishers will inform you that you have been a victim of cybercrime and that they can help if given access to your digital device(s) and financial information. 

Phishing with Social media

  • Although there is no cool contraction for "phishing with social media" like SMiShing or Vishing, it is the use of social media to trick an individual into giving up personal information. 
  • Some examples of phishing with social media:
    • A seemingly official account of a brand offers free products and services to its followers; all they have to do is provide some personal information to the brand.
    • Your friend on Facebook sends you a direct message that says something like "is this you in the picture?" and includes an external link for you to view. Even if a message comes from a friend's genuine account it is highly likely that account has been hacked if they start sending vague messages accompanied by sketchy links.
  • If you want more information on and examples of phishing with social media, we recommend you read this article from Webroot.

If you suspect you have been the victim of a phishing scam you should follow the steps outlined in the Compromised? section.