In this article we’re going to talk about phishing, SMiShing, disinformation, and malinformation.
Phishing and SMiShing are types of cyberattacks that aim to trick individuals into giving away sensitive information. Disinformation and malinformation are information disorders that are intended to intentionally mislead, confuse, or cause harm. With respect to this, we’re going to explain how phishing/SMiShing tactics are used in the creation of disinformation and why these two attacks fall into the malinformation category.
It’s important to be aware of this stuff and to know how to protect yourself from them.
Phishing, a subset of social engineering, is a type of cyberattack that involves sending an email or message that appears to be from a legitimate source, such as a bank or company, in an attempt to trick the recipient into giving away sensitive information, such as login credentials or financial information. These messages often include a link or attachment that, when clicked, will take the victim to a fake website where they are prompted to enter their information. Phishing isn’t limited to email. It can be done over social media (including DMs), over a phone call (known as vishing, or voice phishing) or over text which is known as SMiShing, which we’ve written about here, and here.
These two attacks employ similar techniques. A few of them are:
- Wrong/spoofed phone numbers or email addresses
- Domain names that look similar to the original
- Stolen images
A few things you can do to be proactive (Note that this list isn’t exhaustive):
- If you receive communication that something is affecting some account (e.g., bank, PayPal, credit card, Amazon, Walmart, etc) go directly to your account and see for yourself. Don’t use any of the links or contact info in the alleged phishing message.
- If it’s an email, just mark it as phishing, and be done with it. For text messages copy the message and forward it to 7726 (SPAM). Also use your mobile provider’s spam filters to to help further reduce the amount of junk you receive.
- Ensure that your devices have anti-malware installed and to use two factor authentication for the online accounts that you have.
Switching gears, let’s talk about disinformation and malinformation.
Disinformation is the intentional fabrication of information with the malicious intent to mislead or confuse. This can come in the form of fake news, manipulated images, or deepfake videos. Disinformation can be spread through various channels, including social media, email, and text messages. The goal of disinformation is to sow discord among the public in order to create division or to disrupt certain processes.
How is phishing or smishing related to disinformation? Here are a couple of ways:
- Use of stolen/altered images
- Domain names, and real names, may look similar to a trusted source.
Some of the investigative methods for unmasking disinformation are similar to investigating a phishing email, website, social media page, or text message. This includes:
- Researching the domain name and the IP address(es) it resolves to.
- Search the phone number, email, and text of message to see if it pops up in other places online.
- Reverse image search, and other photo analysis techniques, to see if you’re able to locate the original source image.
Malinformation is the use of factual information with the intent to harm a person, an organization, or a country. Phishing and smishing directly fall into this category, among other things, because once a bad actor has your sensitive information the potential harm to you comes in the form of account compromises, loss of funds, or identity theft.
At Bsquared Intel we have personal and business services that help protect you, your family or your business with regard to phishing and information disorder. When we work with law firms with the research we do, we’ll pick things apart for you if your case involves this kind of subject matter.
Lastly, in our newsletter we like to have some fun. There’s a section where we intentionally make obvious alterations to news headlines, or present you with images to pick apart, to help get you in the habit of finding what the real source of something is. Sign up here to receive the newsletter https://bsquaredintel.com/newsletter-signup/
Also, fill out the contact form below to learn more about our services, to say hello, or ask questions related to this article.