When You Phish, Make a Vish and Receive a Smish

When You Phish,
Make a Vish
and Receive a Smish

WEME – Eugene Chung

Home » Blog » When Experts Meet Experts (WEME) » When You Phish, Make a Vish and Receive a Smish

Phish, Vish, or Smish - ArmourZero

With more people using smartphones to make payments and many banks and utilities verifying users’ accounts through text messages, the fraud floodgates have opened which is why cybercriminals looking to steal personal info are using text messages as bait, that is, via SMS (Short Messaging Service).

Voice Phishing aka Vishing (refers to phishing attacks that involve the use of voice calls, using either conventional phone systems or Voice over Internet Protocol (VoIP) systems) – see below:

When You Phish, Make a Vish and Receive a Smish - ArmourZero

I received the above as dated. The caller was very determined to entice me to answer the call. The visher rang me 5 times. I ignored the call 4 times and declined 1 time. The caller gave up.

When You Phish, Make a Vish and Receive a Smish

I received the above SMS from 62666 which is the short code used by a well known Malaysian bank, CIMB. The OTPs I received 28 times were different numbers generated but the OTPs provided in the SMS’ are hyperlinked which means they are clickable links and the advice is never ever click on such links.

A one-time password (OTP) is an automatically generated numeric or alphanumeric string of characters that authenticates a user for a single transaction or login session. An OTP is more secure than a static password, especially a user-created password, which can be weak and/or reused across multiple accounts.

This is a real example of an SMS I received: Beware, Be Aware, Be Vigilant

Here is scam phishing story:

Call it stupidity, naivety, ignorance, gullibility, it took just a momentary lapse in judgement for Ah Chong to fall for the SMS scam.

The text message he received looked legitimate. After some of his personal information had already been stolen a few years ago, he signed up for text alerts from his bank, ACDC Bank, to confirm each time he made a new purchase. And that decision to protect himself, ironically, was what made him such an easy target.

So when a scammer texted Ah Chong, informing him his ACDC credit card had been charged with a RM$240 withdrawal and to “Contact Us if Suspicious,” he did not hesitate and rang. A robotic voice welcomed him to ACDC and instructed him to verify himself, so he entered in his credit card number, Identity Card (IC) number and birthdate.

“This information is valid. Thank you,” the voice said, and hung up. Only then did he realise his mistake. Too late!

“I was like, hello, wait a minute,” Ah Chong said in a phone interview.

“I was surprised it didn’t connect me with somebody to talk to. Usually that’s what happens. That’s when I thought, ‘Oh crap! I have been scammed!'”

In the space of a few minutes, Ah Chong became the latest victim of “smishing,” or SMS phishing, in which a scammer sends a text message to trick the recipient into turning over some sensitive personal information, which can be used for all sorts of fraud, like syphoning money from their bank accounts or opening up credit cards in their names.

Unwanted texts have existed for practically as long as the text message itself but with more people using their smartphones to make payments and as many sites for banks and utilities verifying users’ accounts through text messages, the fraud floodgates have opened.

Why am I suddenly getting spam texts? Why am I getting spam SMS messages?, are not uncommon questions asked by many these days.

There are many ways spammers get hold of your cell/mobile phone number so they can send SMS spams. They may use technology to generate numbers automatically so even if you have a brand new number, you can still receive both robocalls and robotexts.

Scam and phishing messages sent via text/SMS are particularly tenacious because there is practically no way to block them. Good email providers today block most junk and phishing emails, making email spam a shadow of the problem it once was. While unwanted phone calls are annoying, you can at least look at the caller’s number and decide to not to take a call.

Smartphones today are nearly ubiquitous – 100 out 100 adults and teenagers own one – there is nothing much people can do to stop unwanted texts. Apple and Google, the respective manufacturers of the iOS and Android smartphone operating systems, advise users to block unwanted numbers but cybersecurity experts know it is very easy for scammers to pretend to send messages from different numbers that such strategies are effectively ineffective. Apple at least allows users to filter all messages from people who are not already in their contacts but that does not flag which texts are likely to be scams, and it puts them in the same folder as authentic messages from unsaved numbers.

Replying “STOP” to a marketing company or signing up to Do Not Call list can reduce spam from companies that seek to abide by the law but in reality, security experts warn that since many scammers have no interest in following the law, that is likely to do more harm than good.

Be warned against responding to apparent vishing/smishing attempts. If you respond, it shows there is somebody at the other end as the scammers may just be fishing for live/active numbers.

SMS phishing scams in S’pore shed light on digital bank security, what’s next?

From OCBC phishing to the ‘Macau scam’, how cyber criminals from Singapore and Hong Kong to Malaysia and India stay one step ahead of the banks | South China Morning Post

Last but not least, Mobile Spyware, sometimes called stalkerware, can be installed onto your phone to monitor information such as calls, text messages, emails, location, photos, and browsing history. In some cases it may be able to take photos and record nearby conversations.

Spyware is designed to remain hidden, so that it can monitor your phone without you knowing. However, a lot of spyware is detectable if you know what you’re looking for.

Here are 10 of the most common signs that someone is spying on your phone:

  1. Unfamiliar Applications
  2. Your Device is ‘Rooted’ or ‘Jailbroken’
  3. The Battery Is Draining Fast
  4. Your Phone Is Getting Very Hot
  5. Unusually High Data Usage
  6. Strange Activity In Standby Mode
  7. Issues With Shutting Down the Phone
  8. Odd SMS Messages
  9. Autocorrect Is Misbehaving
  10. Screenshot Quality


Below, I share further real-life scam cases and leave you reminded if unsure, do not act but consult. Be always aware, beware and be cybersecurity OCD (obsessive compulsive disorder) vigilant.

Catch When Expert Meets Expert by Eugene Chung articles every bi-weekly Tuesday. Don’t forget to subscribe to stay connected. You are also encouraged to ask questions and seek advice from him.

Share this post

Related Posts

Cybersecurity translated into golf terms with Tony Smith

Cybersecurity: Achieving the ‘Hole-in-One’ of Digital Defence

Discover the connection between cybersecurity and sports with Tony Smith, Regional VP at WithSecure. Let’s achieve the ‘Hole-in-One’ of Digital Defense.

Read more

Beware of Scare Software aka Scareware

What is Scare Software or Scareware? Learn more about this Social Engineering technique that aimed to scare the victim with ArmourZero mentor Eugene Chung.

Read more

Job Hunting Tips for IT Graduates

Job Hunting Tips for IT Graduates

The job market is tough and competitive. Learn some tips on how to do job hunting for IT graduates from ArmourZero’s mentor and expert Ts. Saiful Bakhtiar.

Read more

Tips to Successfully Sell a Credible Cybersecurity Solution

How do Cybersecurity sales convince prospects to trust their services and/or products? Learn more about it from ArmourZero’s mentor and expert Eugene Chung.

Read more