Common fraud techniques typically employ some form of Social Engineering. Phishing is by far the most common form of social engineering employed by scammers, but other popular forms of social engineering exist including Vishing and Smishing.
See below definitions for more information:
Phishing
- Definition - The practice of tricking Internet users (as through the use of deceptive email messages or websites) into revealing personal or confidential information which can then be used illicitly.
- How it works - Phishing is often designed to prey on your sense of fear, urgency, curiosity or by offering a reward. The goal of the attack is to convince the recipient to take an action.
- Actions – Reply to the email, click on a link (which spawns a website) or open an attachment.
- Results of the action - May include installation of malware that grants the scammers access to your computer/network, or it may prompt for more information such as credentials.
- Social Networks - Phishing and other scams aren’t limited to just email, they are also prevalent on social networking sites. Be aware of suspicious, unexpected, or unfamiliar links in online ads, status updates, tweets, and other posts.
Vishing
- Definition - The fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies to trick individuals into revealing personal information, such as bank details and credit card numbers.
- Common Examples – Debt relief or credit repair scams, business or investment scams, charity scams, “Free” trials, or tech support.
Smishing
- Definition - Smishing is a phishing message received via a SMS text message. If you have a mobile phone, then you’ve most likely experienced smishing. Just like an email phishing attempt, the scammers are targeting your sensitive information.
- Common Examples – Online shopping gift card scams, sweepstake winner scams, telecommunications related discounts or giveaways and shipping or package delivery scams.
If you would like to learn more, the following federal government websites offer additional information.
Federal Trade Commission - https://www.ftc.gov/
Department of Homeland Security - https://www.ready.gov/cybersecurity
FBI Internet Crime Complaint Center - https://www.ic3.gov/