22 October, 2024

Protect yourself and your institution from common cyber security threats

Stay safe from phishing, vishing, smishing, and quishing by using security measures like MFA, staying vigilant, and reporting suspicious activity.

In today’s fast-changing digital world, it’s crucial to stay aware of common cyber threats like phishing, vishing, smishing, and quishing. Cyber criminals continuously evolve their tactics to steal personal and financial information, leading to serious consequences such as identity theft, fraud, and data breaches.

The following explains these attacks in more detail, how to identify them, and provides practical tips to protect yourself and your organisation’s information from these threats.

Phishing

Phishing involves fraudulent emails that appear to be from reputable companies, designed to steal your personal information, such as login credentials or credit card details. These emails often imitate well-known brands, trusted organisations, or senior management within your institution to lower your defences.

How to spot phishing emails:

  • Suspicious sender addresses or domains.
  • Unexpected attachments or links.
  • Requests for urgent action regarding your account details or passwords.
  • Requests to purchase gift cards.
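
For mail administrators, the warning signs above can also be checked automatically on a raw message. The following is an added example, not part of the original article; the keyword patterns, indicator names, and both sample messages (with their placeholder domains) are constructed assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

URGENT = re.compile(r"urgent|immediately|suspended|verify your (account|password)", re.I)
GIFT_CARD = re.compile(r"gift\s*cards?", re.I)
LINK_HOST = re.compile(r"https?://([^/\s\"'<>:]+)", re.I)

# Constructed sample messages (not real mail); all domains are placeholders.
SAMPLE_PHISH = """\
From: "IT Service Desk" <helpdesk@it-desk.example.net>
Reply-To: accounts@mail.example.org
Subject: Urgent: verify your password

Your mailbox will be suspended today. Sign in at
http://portal.example.com/reset and then buy gift cards for the Dean.
"""
SAMPLE_BENIGN = """\
From: Library <library@uni.example.edu>
Subject: Loan reminder

Your loan is due on Friday. Renew at https://library.uni.example.edu/loans
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def phishing_indicators(raw_email):
    """List which of the article's warning signs a raw RFC 5322 message shows."""
    msg = message_from_string(raw_email)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    body, attachments = msg.get("Subject", "") + "\n", []
    for part in msg.walk():
        if part.get_filename():                      # any named part is an attachment
            attachments.append(part.get_filename())
        elif part.get_content_maintype() == "text":  # subject + text parts are scanned
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    hosts = {h.lower() for h in LINK_HOST.findall(body)}
    checks = [
        ("reply-to-mismatch", bool(reply_to) and reply_to != sender),
        ("attachment", bool(attachments)),
        ("link-off-sender-domain",
         any(h != sender and not h.endswith("." + sender) for h in hosts)),
        ("urgent-request", bool(URGENT.search(body))),
        ("gift-card-request", bool(GIFT_CARD.search(body))),
    ]
    return [name for name, hit in checks if hit]
```

Each indicator is only a signal for closer review: legitimate mail can carry attachments or third-party links, so a hit should prompt verification rather than automatic blocking.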

Vishing

Vishing, or voice phishing, is when scammers use phone calls to impersonate trusted institutions like banks or government agencies. They often create a sense of urgency, claiming that your account is compromised or there's an issue that needs immediate action. You should always be sceptical of unsolicited calls asking for sensitive information.

Signs of vishing:

  • Calls from unknown or blocked numbers claiming to be from official organisations.
  • Requests for confidential information such as passwords or bank details.
  • High-pressure tactics urging immediate action.
  • An automated message prompting you to provide information before you can speak with a live person.

Smishing

Smishing uses SMS text messages to trick recipients into clicking on malicious links or providing personal data. These messages often appear to be from a legitimate source, such as a bank or delivery service, and might encourage you to click a link or respond with personal details.

How to avoid smishing attacks:

  • Do not respond to unsolicited messages.
  • Avoid clicking on links in text messages.
  • Use spam filters and regularly block suspicious numbers.

Quishing

Quishing is a newer technique that involves using QR codes in phishing attacks. Scammers insert malicious QR codes in emails, websites, or physical locations that direct you to harmful websites or initiate malware downloads. With the widespread adoption of QR codes, this method is becoming increasingly common.

Protect yourself from quishing:

  • Only scan QR codes from trusted sources.
  • Always check the website or URL after scanning a QR code before clicking through to the link.
  • Be cautious of QR codes found in unsolicited communications.
  • Ensure QR codes in public spaces haven’t been altered or replaced.

Targeted threats and variations

As cybercriminals evolve their tactics, sophisticated attacks like spear phishing and whaling are on the rise. These targeted attacks focus on specific individuals, often within organisations, making them harder to detect and more damaging. Spear phishing uses personalised details, while whaling targets high-profile individuals such as executives.

Business email compromise (BEC) scams are also increasing. These target organisations by impersonating employees or partners, leading to financial losses or stolen data.

How to Protect Yourself:

  1. Turn on Multi-factor Authentication (MFA): This adds an extra layer of security to your accounts, even if your credentials are stolen.
  2. Keep your devices and software up to date: Regularly update your software and use strong firewalls and/or VPNs to protect against cyber threats. Limit access to sensitive information to only those who need it, and ensure your devices have the latest security patches.
  3. Use strong and unique passwords, such as a passphrase: Use a combination of random words that are easy to remember but hard to guess. Avoid reusing passwords across different accounts and consider using a password manager to store and generate unique passphrases.
  4. Recognise and report phishing: Report any emails, SMS, or other communications that seem suspicious. Promptly reporting unusual activity helps prevent further attacks and protects others from potential harm.
  5. Stay Informed: Regularly educate yourself, your colleagues, and family on the latest scam tactics and how to spot them.

By being proactive and cautious, you can significantly reduce the risk of falling victim to these evolving cyber threats.

Stay informed, stay secure, and always think twice before clicking.

More Information

Australian Cyber Security Centre – information on different types of cyber threats and how to protect yourself, your family, and friends from scams.

Scamwatch – details the types of scams that have been reported and where you can report a scam.

Have I Been Pwned – this site reports whether your email address has been compromised as part of a data breach, which breaches were involved, and what data has been exposed.