Click that button… NO!

Our next article in the #BSidesMunich2025 NEINth Edition goes phishing… or wait, smishing… or maybe vishing? Should we just call it XX-ishing?

We’ve all been there. Your phone rings in the middle of a meeting—an unknown number, a strange country code. You ignore it, letting it go to voicemail. Hours later, you listen to the message: a fake PayXXX warning about a suspicious charge. “Press 1 to talk to a representative,” they say. But when you check your PayXXX account online, nothing matches the claim. That’s when it hits you—it was a vishing attack.

Most people know about phishing: deceptive emails designed to trick victims into clicking dangerous links or revealing personal details. Because email is cheap, cybercriminals blast messages far and wide, hoping to snag a few victims—it only takes a handful to make it worth their while.

But no matter how attackers reach you, their tricks follow the same formula:

  1. Build Trust – They impersonate banks, companies, or trusted individuals, using similar email addresses, official-looking logos, and professional formatting.
  2. Create Urgency – They push panic buttons, making you feel pressured to act fast before it’s “too late.”

As technology evolves, so do phishing tactics. AI has made it easier to draft messages and to impersonate voices and images convincingly. The cost of communication platforms has dropped significantly over time. As a result, scammers have diversified beyond email to other platforms, including:

  • Vishing – Scammers call individuals or business hotlines, pretending to be officials or tech support.
  • Smishing – Fake messages sent through SMS or apps like WhatsApp, aiming to steal passwords or payment details.
  • Social Media Phishing – Cybercriminals disguise themselves as customer support accounts or acquaintances, tricking users into clicking fraudulent links.

Scammers don’t discriminate. They target everyone—from everyday people to big businesses. Their goal? Easy money. Whether by stealing login details, faking transactions, or running payment scams, they’re always looking for victims.

The best defense? Say NO.

  • Say NO to urgent demands for personal info—especially passwords, payment details, or money transfers. If a request seems suspicious, disconnect and check with the company or contact directly through official channels.
  • Say NO to random tech support calls, emails, or messages—especially if they ask for remote access to your device or tell you to click a link “just to test your system.”
  • If you work in a business, help key employees say NO at the right time. Risk-assess roles like finance, customer support, or IT help desk. Establish repeatable, simple processes to handle “normal” transactions like payment requests or IT support. Train staff to spot scams, reject suspicious requests, and report fraudulent activity.

Scammers thrive on urgency and fear—but if you stay calm and double-check before acting, you have the best chance at staying safe.

#BSidesMunich2025 – NEINth Edition
https://2025.bsidesmunich.org

