CATEGORY: Sussex Showcase

Staying one step ahead: phishing, vishing, and smishing




Phishing, vishing, and smishing sound like the names of small villages on a beautiful coastline in some faraway paradise, but I can assure you these names stand for something completely onerous. Each of the names, Phishing, vishing, and smishing stands for the different ways in which you might be cyber attacked. All three of them are what the industry calls a socially engineered attack.


Protecting your business from phishing attacks

There are all sorts of figures that are used to say how many phishing emails are sent per year. However, regardless of the amount, the thing to think of is that billions of emails are sent out, and one could easily land in your email box. It is the most commonly used attack vector used by cybercriminals. Why? Because it’s an easy method to fall foul of. Here is how a phishing attack works.

A phishing attack is a fake email message, which has been sent to you by what appears to be a legitimate company that may be well known to you. Cybercriminals usually use trustworthy companies like your local delivery company, HMRC, your business bank, or a trusted supplier.

Under the guise of a trusted name, the criminal will request personal information from you: bank information, passwords, usernames, or access to sensitive data. You might think you would spot a fake email, but cybercriminals are very adept at designing emails to look exactly like the real thing.

If they don’t gain access in the above manner, they will turn to sending malware, which if you click on it, because it’s often disguised as an invoice or a receipt, is capable of stealing personal information just as easily.


How good customer service impacts your bottom line

On any normal day, working with an IT company is fine. It’s when your problems really hit the fan, you find out if your outsourced IT partner has your back. When you choose a partner, it’s easy to go for cheaper contracts, or they are nearer to your business than another.

The questions you really need to ask are as follows: What is the quality and calibre of their support desk like? How quickly will they get you back up and running? There are companies out there who will start disassembling everything in the building to get you back up and running. Or do they approach problems with simple fault-finding questions first (because sometimes it can be something really simple).

An efficient and well-run help desk will resolve your issues quickly, smoothly and on time, cutting down on your staff standstill.


Deterrents in cyber security

Using Multifactor Authentication (MFA) or Two Factor Authentication (2FA) is an excellent extra layer of deterrence. Essentially, they are both forms of identity and access management security systems, they each need other points of verification that a threat actor is unable to circumvent, like an authenticator app.



Protecting yourself from smishing: tips and tricks

Smishing is just like phishing, but it takes place via a text message, it targets mobile phones and Apps like WhatsApp. Sometimes, the message will be an advert offering services. Lottery scams, QR codes, friends or loved ones in need, discounts, or the horrible Mum or Dad scam. Whatever their guise, they are after personal information or money. So, you can do several things to protect yourself.

  • Delete them, delete them, delete them
  • Don’t send any money
  • Set up 2FA on your mobile device
  • Create a distress password with your family, so that you know whether the call is genuine or not. This is especially useful with the Mum and Dad scam
  • Call the number that is requesting any kind of money, or personal information
  • Change the default PIN on your voicemail, hackers are not shy about trying to access your voicemail, so use a unique PIN to protect yourself
  • Report any kind of smishing attack to your mobile operator or App service


Warning signs of a vishing attack You shouldn't ignore

Vishing is an over-the-phone cyber attack. The criminal will pose as if they are calling from your bank, or a trusted supplier so that they can verbally obtain confidential information from you.

Often there is an inherent rush to their request, they will push hard to get you to release money from your account, as they use the threat of arrest or heavy fines if you do not pay them there and then.

  • Don’t feel rushed to give any information over the phone

  • Don’t give out your card details over the phone, or by text to anyone. Even if they send you a link to click on, don’t
  • If you are in any doubt, exit the call, and call the bank, HMRC etc directly on a bonafide number, that you have found, one that is not supplied in the text you have been sent
  • Keep your software up to date with the latest patches etc.


It’s a sad fact that cyber criminals use socially engineered technological methods to gather personal information. So be fraud aware, otherwise you put yourself and your business at risk.

To find out more about how CNC can improve your business cyber security, contact the team at: or call us on 01273 384100.