Trader Beware: Phishing, Vishing, and SMishing, Oh My!

More than a third of all online scam attacks involve phishing emails or malicious attachments. As traders, we’re already aware of best practices for protecting our trading and financial data from such attacks. Popular phishing schemes have an element of urgency, such fake invoices and sales receipts for things you didn’t order, or fake fraud alerts. The basic goal of phishers is to get you to click on a link or open an attachment. From there, they take you to a website that asks for your information, or they download malware to your trading computer. As we’ve become more savvy about avoiding these scams, new ones have been invented. Continue to protect yourself by becoming aware of the new variations on the basic phishing idea. Here are a few:

Vishing

In Vishing, scammers use Voice-over-IP (VoIP) to contact you. It’s a mix of old-school phone scamming and modern technology. The VoIP makes it difficult to determine the source of the call. So it might appear as if you are receiving a phone call from a local number, but the caller could be anywhere in the world. The scammers will offer you a service or a great deal on a product. They will come off as a general salesperson trying to convince you of their product’s value. But the main objective of a Vishing call is to get you to divulge your financial information. Then they use that information to access your bank accounts or trading accounts.

SMishing

Instead of emails, SMishing uses SMS (text messaging). Scammers like SMishing because people still trust SMS more than emails. People are more likely to click on an SMS link than an email link. That means SMishing improves the chances for a scammer to achieve their objectives. Avoid the temptation to click on every link that comes through SMS.

Watering Hole

While general phishing attacks go after targets aggressively, in a watering hole attack the scammers take a more “wait and see” approach. They create fake pages for reputable financial or trading companies, and wait for the target audience to access the pages. You might go to a website you regularly visit and get duped into providing sensitive information or end up downloading malware from the site. Most watering hole attacks depend on security vulnerabilities. So make sure all your computers and devices, not just your trading computer, are always updated to the latest software versions.

Pharming

Pharming has been called “phishing without a lure.” In phishing, you get an email or phone call that tries to get you to a site that can collect your information. In pharming, a malicious program sits on your trading computer or DNS server. When you enter a URL, this program essentially redirects you to a fake site. The effect is to make you think you are going to the right URL (after all, you typed it in), but you are actually visiting a phishing site. It’s difficult to detect pharming tactics. The best way to protect your trading computer is to install the latest updates to your operating system and apps, use antivirus software, and stay vigilant.

File Share Phishing

Nowadays most traders use Dropbox or Google Drive to share documents. Scammers can target these file-sharing services to run phishing scams. If you’re like most users, when you are notified a document has been shared with you through Dropbox or Google Drive, you assume the file is safe. That’s not always true. Dropbox and Google Drive documents can have malicious links embedded in them. So make sure you think twice before clicking on a Dropbox or Google Drive document. Only accept files from users you trust. And if you didn’t expect to be receiving a document, check with the sender.

Report Phishing Emails

To help stop the spread of phishing, forward suspicious emails to one or both of these organizations: You can also file a report with the FTC here: ftc.gov/complaint In addition, contact the person or company being impersonated to notify them of the attack. (Many larger companies have specific URLs set up for this purpose. Check their websites.) The more quickly scammers are identified, the safer we all are.
There are more trading computer tips like this in our buyers guide. Check out our “How To Buy a Trading Computer” e-book.
We hope today’s Quick Tip helped you. If you found this helpful, you’ll want to check out the other computer How-To’s I’ve created on this page. You can always call us if you have questions: 800-387-5250. Photo by Bruce Mars on Unsplash.