New dictionary words have been formed to describe online scams. Phishing, one that everyone knows by now, is when a scammer uses a pretext in an email to get someone to click on a link or attachment in the email to deploy malicious malware and ransomware.

Social engineering is when criminals conduct online search of individuals and companies by looking at Facebook and LinkedIn profiles and through Google searches to find out as much as possible about a company and its employees and develop a dossier on the company to launch a phishing, vishing or smishing scam.

Vishing can occur, for example, when a criminal buys a similar domain to a company domain, then adds some security terms to make it look like they are from the IT department of the company and calls an employee, tells them a story about how they need to update the VPN or add additional security measures, sends the employee an email from the fake company email address and while they are on the phone with the employee, convinces the employee to put their user name and password into the pop-up, now allowing the criminal full access to the employee’s account.

And smishing (it’s so new that spell check doesn’t recognize it) is when the scammers use a text (SMS messaging) as the ruse instead of an email or a telephone call.

People tend to trust text messages more than emails. They also read them more frequently and faster than emails. Scammers are using old techniques with new technology to get people to click on embedded links to introduce malicious malware into individuals’ phones or to give up personal or corporate credentials. Now the scam is using text messages.

This should be concerning for IT professionals since so many employees use their personal phones for work. Even though the employees are being targeted on their personal phones, the smishing scams can be a threat to corporate security. IT professionals may wish to add smishing as a technique when providing security training to employees so they are aware of the latest techniques used by criminals.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.