Phishing, Smishing and Vishing

You are likely very familiar with phishing, but smishing and vishing scams are on the rise lately.

Phishing attacks attempt to gain access to your personal information through scare tactics or malware delivered via e-mail. Smishing scams arrive via text message, and vishing scams via phone call.

Think you can spot a phishing, smishing or vishing scam? Scammers get better every day and have more resources than ever before.

Be vigilant, cautious, and skeptical.  

 

**Phishing**

  • Check the sending address. It could be sent from a faked or compromised account.
  • Confirm links by hovering over them to reveal the URL before you click.
  • Never open links or attachments from untrusted or unexpected sources.
  • Watch out for emails targeted to stir your emotions. Criminals try to knock you off balance with threats, a false sense of urgency, or a deal that’s too good to be true.
  • Check the Cornell Phish Bowl

 

Forward suspected phishing e-mails to the IT Security Office at itsecurity@cornell.edu and cc wsbnit@cornell.edu.

Below is an example of a phishing scam that is sure to raise anxiety levels.  Random spam emails may not have much success, so the would-be blackmailers have been trying to personalize their attacks in various ways.

We have seen phishing scams that use the name of your supervisor as the sender, like the recent ones asking you to do a ‘quick task’.
Others use real, hacked passwords and/or include all or part of your phone number.

 

Do NOT respond to these e-mails.  Report the scam and delete it.

 

[Phishing e-mail example (image)]

 

Phishing Training:

Learn more from Kyle Szuta at the Cornell IT Security office.  He recorded his previous training about security awareness, with an emphasis on protecting yourself from social engineering attacks via phishing e-mails.  The examples used during these presentations are many of the common ones that have been directed towards our Cornell e-mails.

 

**Smishing**

If you have a mobile phone, then you’ve most likely experienced smishing. Smishing is a phishing message received via SMS text message. Just like an email phishing attempt, the scammers are targeting your sensitive information.

How do you report a smishing text or SMS?
Forward suspicious SMS messages to 7726.

  • When you receive a spam text message on your phone, forward that text to the short code 7726 (which spells “SPAM”).
  • You’ll then receive an automated message from your wireless carrier asking you to enter the phone number from which the spam text was sent.

How to forward an SMS

[Smishing example (image)]

 

**Vishing**

Vishing is the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to trick individuals into revealing personal information, such as bank details and credit card numbers.

Avoid vishing/smishing attacks

  • Don’t respond to calls or texts from phone numbers you don’t recognize.
  • If you receive any communication from an organization and you suspect it to be fraudulent, look up the organization’s customer service number and contact them to verify.
  • Never give out personal details over the phone to unverified contacts.

How to report telephone scams?

Security Awareness Episode 6: Vishing  https://staysafeonline.org/online-safety-privacy-basics/security-awareness-vishing/ (3 minutes)

 

Sources: https://it.cornell.edu/security-and-policy, https://its.weill.cornell.edu/news/phishing-and-vishing-and-smishing-%E2%80%93-oh-my-funny-words-about-id-theft, https://staysafeonline.org/theft-fraud-cybercrime/reporting-matters-even-for-a-smishing-message/