Summary
Voice Over Internet Protocols (VoIP) is one-way threat actors attempt to trick unsuspecting consumers into sharing their confidential information, such as usernames, passwords, bank account information, and the like. These actors frequently use “ID Spoofing” as vehicles in their attack campaigns.
ID Spoofing is when a caller deliberately falsifies the information transmitted to a caller ID display to disguise their identity. Scammers often use “neighbor spoofing” so it appears that an incoming call is coming from a local number or spoof a number from a company or a government agency that the victim probably knows and trusts. Then they use scam scripts to try to steal money or valuable personal information that can be used in fraudulent activity.
Smishing is a similar form of social engineering fraud, but it exploits SMS, or text, messages rather than VoIP. In a smishing scheme, the scammer purports to be a known entity and texts a link to such things as webpages, email addresses, or phone numbers that, when clicked, automatically open a browser window or email message or dial a number. This integration of email, voice, text message, and web browser functionality increases the likelihood that users will fall victim to engineered malicious activity.
To continue to read the full article provided by FS-ISAC, click here.