The Reality of Phishing, Smishing, and Vishing Attacks

Benjamin Cannon

Did you know that a cyberattack occurs every 44 seconds?

According to cybersecurity firm Norton [1], 88% of organizations face phishing attacks every year. While the number of successful cyberattacks is not increasing, some reports show that attacks are becoming more costly, especially for businesses, and cyber-crime is expected to cost the world a staggering $10.5 trillion [2] annually by 2025.

The repercussions from a cyber-related incident can be expensive and detrimental. Loss of revenue, damage to reputation, loss of clients, lawsuits, and compromised business information are just a few of the damages an organization could face following a cyber-attack. Unfortunately, even the most vigilant companies are vulnerable. In September 2023, MGM Resorts in Las Vegas suffered a widespread cyberattack [3] that disrupted every aspect of their organization — from inoperable hotel room keys to unusable elevators to blank slot machines. It took 10 days [4] for the casino to return to normal operations after the attack, but severe financial and reputational damage was already done.

While these statistics might seem extremely daunting, there are ways for businesses to protect themselves against cyber-crime. Let’s take a look at three of the most common types of cyber-crimes — phishing, smishing, and vishing — to determine the reality of the cybersecurity landscape and what businesses can do to prevent these attacks.

What is Phishing? 

Phishing is a type of cyberattack or online scam in which attackers use deceptive techniques to trick individuals into divulging sensitive information such as login credentials, financial information, or personal data. The term “phishing” is a play on the word “fishing,” as attackers cast a wide net sending fraudulent emails or messages to catch victims. Phishers often use email to impersonate trusted entities, such as banks, government agencies, well-known companies, or social media platforms.

Phishing was the number one reported internet crime in 2020, according to the FBI [5]. One of the biggest misconceptions about phishing attacks is that they’re easy to spot [6] — typos or grammatical errors, fake email addresses, or suspicious links are usually dead giveaways that an email might be a phishing attempt. But in recent years, attackers have become highly sophisticated, using advanced technology, psychology, and manipulation to exploit human behavior and emotions, making it challenging to identify phishing attempts. Attacks can be incredibly convincing and can cause even the most cautious individuals to fall prey to a deceptive email.

What is Smishing?

Smishing is a type of cyberattack similar to phishing, but it occurs through text messages (SMS) or other messaging services, like WhatsApp or Viber. The term “smishing” is a combination of “SMS” and “phishing.” Just like traditional phishing, the goal of smishing is to trick individuals into revealing sensitive information or taking malicious actions. Many individuals assume that text messages are inherently secure, but this is a misconception, and smishing attackers exploit trust in this medium to trick users.

There was a record number of smishing attacks in 2022 [7], with half of mobile phone users worldwide exposed to a phishing attack every quarter. The U.S. Postal Service has been targeted with a smishing attack [8], and the U.S. Department of Health and Human Services issued a warning for hospitals [9] to be aware of the growing trend of smishing — but any organization, regardless of industry, can be targeted by a smishing campaign.


What is Vishing?

Vishing, short for “voice phishing,” is a type of cyberattack in which attackers use phone calls to steal sensitive information. Vishing is similar in purpose to phishing and smishing but relies on voice communication rather than written communication like emails or text messages. Attackers may even use a spoofed phone number to make it appear as if the call is coming from a legitimate source, like a government official, a bank representative, a telemarketer, or tech support.

With the rise of artificial intelligence, it’s becoming easier to impersonate trusted people or entities by generating AI voice clones to mimic people’s real voices. For example, actor Stephen Fry recently claimed that his voice was replicated by AI [10]: AI software took recordings of his voice from the Harry Potter audiobooks and was then able to create a fake narration of a historical documentary using Fry’s voice.

According to a report by the New York Times [11], a Bank of America in Florida received a phone call from a bank customer. Except, it wasn’t the customer — it was a software program that had artificially generated the customer’s voice, attempting to trick the bank into moving the customer’s money elsewhere. In this case, the fraud was detectable, but as the technology develops, vishing fraud will likely become much harder to catch. The implications of AI in vishing are alarming — and there’s high potential for attackers to utilize this growing technology.

 

Now that we’ve discussed phishing, smishing, and vishing threats, here are Ten Ways to Protect Your Organization from Cyberattacks.

 

[1] 115 cybersecurity statistics + trends to know in 2023, by Clare Stouffer for Norton

[2] Cybercrime To Cost The World $10.5 Trillion Annually By 2025, by Steve Morgan for Cybercrime Magazine

[3] What Las Vegas tourists need to know about casino hacks, by Andrea Sachs, Sofia Andrade, and Joseph Menn for The Washington Post

[4] MGM Resorts computers back up after 10 days as analysts eye effects of casino cyberattacks, by Ken Ritter for AP News

[5] FBI Releases the Internet Crime Complaint Center 2020 Internet Crime Report, Including COVID-19 Scam Statistics, by the FBI

[6] Protect yourself from phishing, by Microsoft
