Do you know your phishing from your smishing?

Do you know your phishing from your smishing? Do you know your phishing from your smishing? Do you know your phishing from your smishing? Do you know your phishing from your smishing?

So what is phishing and online fraud? There are a variety of different types out there and they certainly have some strange names. Learning these names is one thing, but understanding when you’re being targeted – and how to avoid being duped – is another. By taking time to learn about how fraudsters work can help you to keep your information and money safe.

Recent figures from Cifas, the UK’s leading fraud prevention service revealed that 2019 saw the highest ever number of cases of fraud, so it’s important to be even more aware.

What are some of the different types of fraud?

Let’s explore some of the different types of fraud out there, you can do this by watching our short film below or by scrolling through the definitions below.

What is vishing?

The word vishing comes from combining the words ‘voice’ and ‘phishing’ – and as you may have guessed, it’s to do with phone calls.

What’s an example of vishing?  

A person will receive a phone call from a fraudster who's posing as an employee of a reputable company or organisation.

  • The fraudster will come up with a plausible story to get the person to share their financial and personal information
  • Fraudsters can manipulate telephone numbers, so it looks like they’re calling from a genuine number
  • They may also do some basic research online i.e. social media to get details about the person, making the fraudster’s story sound more convincing

An example of vishing could be that Mohammed was using his laptop when his phone rang. The caller was an ‘IT specialist’ from his home internet provider, and they explained that there was a virus on Mohammed’s laptop, and that he would need to restore the settings with their help. They asked Mohammed to re-open his recently visited internet sites, which included his online banking. Mohammed provided some technical details, which allowed them to gain remote access to his laptop. Mohammed was advised not to use the laptop for 24 hours following the software and protection update. The next day, Mohammed went to take money out of his bank account, but his balance was zero. Mohammed contacted his bank, who confirmed that he had been a victim of fraud.

What is phishing and smishing?

Email fraud is called ‘phishing’ – whereas ‘smishing’ comes from combining ‘SMS’ (Short Message Service) and ‘phishing’ and is fraud by text message.

What’s an example of how phishing or smishing could take place?

  • These types of frauds allow criminals to access valuable personal and account details, by sending emails or texts
  • They ask the receiver to download an attachment or follow a link to a website containing malware, which can collect secure and personal information
  • The emails or texts could seem as if they are being sent from your bank, mobile phone company, a business you shop with, or an organisation you’re registered with
  • Scammers might pretend to be someone you know like a family member or friend. If they ask for personal information or money double check with that person using another way to contact them like a phone call or face to face to make sure it’s really them

Let’s take a text message example otherwise known as smishing, Sophia received a text message from her mobile phone provider to say that her account had been used by someone else to download lots of apps. In order to get a refund, Sophia was told that she needed to click on a link contained in the message. She was then asked to enter her bank details, and the three-digit security code from the back of her debit card into a form online. She was then told that her refund would appear in her account within the next few days.

The following day, when Sophia checked her bank account balance using her mobile banking app, she saw that a large sum of money had been withdrawn from her account. She phoned her bank, who advised that she had been a victim of social engineering.

What’s the definition of a money mule?

‘Money mules’ or ‘money transfer agents’ are coerced into having stolen money transferred into their accounts, and are then directed to move the money on, typically sending it overseas.

Fraudsters can open an account themselves using fraudulent ID, or may convince someone who already has a bank account to receive money on their behalf.

What’s an example of money mules?

  • Money mule fraudsters actively look to recruit people
  • This could be via email, job-search websites or adverts, they've also been known to approach young people directly, outside of schools
  • They’ll offer someone a payment for receiving money into their account
  • They will then direct that person to either transfer it elsewhere or withdraw it and hand it over to a stranger

An example of a money mule could look something like this - Chris received a direct message (DM) from someone he didn’t know on social media. The fraudster promised Chris a large amount of money if they could use his bank account to move money. Chris was suspicious, but the fraudster said it happens all the time. Chris eventually gave over his bank account details. The next day, a large sum of money was deposited into his account.

Chris was then instructed to go to his bank and withdraw all of the deposited cash – and was told how much he’d get to keep.

What Chris was actually doing is laundering money that came from a criminal act. The bank asked lots of questions, which exposed Chris as a money mule and also highlighted that he had acted illegally, even though he was unaware he was breaking the law.

What is shopping or holiday fraud?

Fraudsters can use fake online adverts to advertise when people are shopping or looking for a holiday. These products or services don’t exist or aren’t theirs to sell. To pay for the goods, they convince you to send a transfer directly to their bank account but the goods never arrive, or are not as advertised.

How can I avoid fake adverts?

  • If that product or holiday you are looking to purchase looks too good to be true, it probably is
  • Be cautious of anything offered in an unsolicited email or a strange ad
  • If you’re unfamiliar with the organisation, do research online to make sure they’re reputable
  • If it’s a holiday company for example, check that they’re a member of a recognised trade body, such as ABTA

What’s an example of shopping fraud?

Lauren was looking to upgrade her mobile phone which gives an example of how shopping fraud could take place.

She found someone online selling a top-of-the-range model she liked for half the store price. When she contacted the individual, they asked Lauren to make an online transfer directly to their bank account before they sent her the phone in the post. When she received the phone, it was a much older and more basic model than advertised. When she tried to get in touch with the seller for a refund, her phone calls and emails were rejected. Lauren then realised that it was too late, and she had been duped.

What does the term social engineering refer to?

The term social engineering manipulates or tricks people into exposing their personal or financial information through fake emails, phone calls, texts and posts on social media. These can be very complex attacks, some combining various sources of information about you to appear more convincing.

It's important to remember

You should never divulge your PINs, PINsentry codes or Activation codes with anyone contacting you, including by phone. The police or any other genuine organisation will never ask you to do this.

Genuine organisations would also never ask you to move money to a different or ‘new’ account, or to withdraw funds.

Where can I find out more about fraud?

More from LifeSkills