- Phishing: Fake emails or messages imitating trusted sources (banks, etc.) to steal personal information. (Spear Phishing and Whaling highly targeted.)
- Smishing & Vishing: Text messages or phone calls impersonating institutions to steal information.
- Baiting: Luring victims with desirable offers that install malware when clicked.
- Deepfakes: Manipulated videos or audio recordings that replace a person’s likeness with another’s, to create realistic scenarios that never happened.
- Calendar SPAM: Invites sent to personal email accounts that contain malicious links which are automatically added to calendars
This is example smishing message is clearly not a message from Evri as the sender address is a @gmail.com address and the link referred to in the text does not use the correct spelling of Evri.
This messages attempts to trick the recipient into replying as this then disables some of the cell phone’s protections and makes the links within the messages clickable.
Example smishing message.
Defending Against Social Engineering
- Verify, Don’t Hurry: Don’t be pressured into taking immediate action based on emails, messages, or calls.
- Scrutinise Sender Information: Check email addresses, domain names, phone numbers, and caller IDs for inconsistencies.
- Hover Over Links (Without Clicking): Most email clients display the actual destination URL when hovering over a link. Verify it matches the displayed text before clicking.
- Beware of Emotional Manipulation: Be cautious of messages that create a sense of urgency, fear, or excitement. Legitimate institutions won’t pressure you for immediate action.
- Enable Multi-Factor Authentication (MFA): This adds an extra layer of security by requiring a second verification code to log in, even if your password is compromised.