As serious as they are, cyberattacks are not always labeled with the most serious-sounding names. We are, of course, talking about phishing: the use of spoofed email addresses and fraudulent messages to get hold of data or achieve whatever other goal the attacker has in mind. One of the silliest-sounding versions of phishing, smishing, has proven to be a particular risk.
What is Smishing?
When cybercriminals use phishing scams, they aren’t using advanced technologies to crack their target’s digital defenses. Instead, they hack users by exploiting the assumptions, bad habits, and ignorance of the target to get them to release sensitive information.
Attackers circumvent cybersecurity measures by sending messages purporting to be from an authority figure or trusted contact, thereby convincing the user to undermine their protection. A notorious example of phishing is the email from the persecuted royal family, known as the "Nigerian Prince scam."
Smishing simply applies this principle to SMS instead of the usual email.
You could receive an SMS from a number that claims to be a financial institution or service provider, perhaps even one that you actually do business with.
The message could contain details that seem to confirm that the sender is who they purport to be, or it could slip past your guard simply because SMS is not a channel that most people expect to be phished through. More recently, many of these attacks have been sent under the ruse of being from authorities trying to share information about the COVID-19 pandemic.
The message may include a link asking you to log in, but that link leads to a fraudulent login page where your actual login data is collected. It may instead prompt you to download a document that hides a variety of malicious programs, and suddenly the attacker has access to all your personal information, such as your phone number, email address, credit card numbers, bank account credentials and other sensitive information.
It's as simple as that.
Now, think for a moment about how much sensitive data you're likely to keep on your phone and what a hacker might extract from it.
Spotting a Smishing Message
To prevent this from affecting your business, your entire team must be able to recognize phishing attempts that arrive via SMS.
- Just as with suspected phishing emails, opening a suspected smishing message is extremely risky. If the sender is not familiar to you, do not open the message and definitely do not access any links included.
- If you cannot verify the legitimacy of the message, do not release sensitive information. If you receive a text message from Facebook informing you of a problem with your account, access Facebook separately to confirm before you resolve it.
- Some mobile devices can block texts, just like email clients can filter messages. So, make sure you block phone numbers that are suspected of phishing and apply settings that might be helpful.
As a final tip, you need to make sure your entire organization keeps an eye on security during the workday and that they know how to identify and respond to threats.
Of course, it does not hurt to apply certain preventative measures to your network, such as anti-virus, firewall protections, and others. We can help! iTSTL can support your team in its IT requirements for security, productivity, and mobility. Find out about our services by contacting (314) 722-6647.