Have you heard of ‘smishing’? You’re not alone if you haven’t the faintest idea but it poses a serious threat to your phone’s security and is on the increase.
Smishing stands for SMS phishing and works much the same as phishing but users are tricked into downloading a Trojan horse or virus onto their phones from a text rather than via email.
This is yet another type of social engineering, an attempt to control social behaviour where fraudsters will impersonate a trusted company and leverage urgency to get victims to act quickly.
Text messages are a helpful and efficient way for businesses to stay in touch with customers. And the audience is huge.
There are over 6 billion smart phones in circulation today and a third of them are smartphones. With BYOD (Bring Your Own Device) popular within many organisations, personal mobile phones are part of everyday business life. But conversely, mobile phones have now just become another vulnerable computer device with a direct connection to the Internet.
Worryingly, the rise of threats via SMS carries even more potential danger than it does through email.
The consequences of any form of attack, whether through smishing or phishing can be severe on businesses – especially when they trigger data breaches.
Cyber criminals who target organisations via SMS or email are more often after their data – not money. But the resulting data breaches can lead to heavy fines and reputational damage.
In 2019, phishing was the most common reason cited for cyber data breaches. Phishing dominated the UK cyber threat landscape, accounting for 45% of reports to the Information Commissioner’s Office) ICO.1
1 in every 101 emails are malicious and most of those use some form of phishing as a primary scamming tactic.
How to protect your business from smishing
Smishing can be very difficult to detect, mainly due to the sheer volume of text messages that employees receive. This can lead to ‘user fatigue’ as staff trawl through messages daily.
Organisations can reduce their risks by taking a proactive approach and putting the necessary systems and policies in place to improve their text messaging network. Actions they can take include:
- Providing effective training
- Having a secure enterprise messaging solution. This platform should enable you to capture text messages received by your employees on their mobile devices, and search for flagged terms and suspicious links in real-time.
- Providing stringent BYOD policies in place.
- Not clicking on links within text messages. Don’t respond to messages that request private or financial information from you. Double check all sources before sharing personal data or moving money if prompted to do so by text message.
- Being cautious of urgent messages that require immediate action, double check personally with your company with which you have an account before acting on any prompt. If it’s your bank, call the number on the back of your card.
- Never call a phone number from an unidentified text.
Other forms of social engineering
The telephone equivalent of phishing is ‘vishing’. This is where scammers contact you over the phone to extract personal information or trick you into giving access to your computer or accounts.
‘Pharming’ scams use domain spoofing, where the domain appears authentic. Users are redirected to copies of popular websites where personal data like usernames, passwords and financial information can be ‘farmed’ and collected for fraudulent use.
There are simple steps you can take to identify and avoid these types of scams. Including:
- Do you know the sender? If in doubt, do not open and do not click on any internal links and remain cautious at all times.
- Are there suspicious looking attachments? If there are, contact the sender to verify the contents of the attachment before opening.
- Does the email contain spelling mistakes and grammatical errors?
- Are you asked to provide personal information? If so, ignore it.
- Hover the cursor over the link to see the URL. Will it take you to the expected website or a different one?
There is also a mobile phone scam called Wangiri (translated as ‘one ring and cut’ in Japanese, where it first originated) which involves a fraudster calling a mobile phone number at random, hanging up after one or two rings, and therefore encouraging the recipient to call the number back.
These types of calls are usually from an automated system resulting in a dramatic increase in such calls and are usually internationally based meaning a customer could receive a charge for returning the call.
In conclusion, make sure you install a trusted anti-virus on your computer. Do not disable or weaken your computer’s firewall also allow regular updates to further protect your machine and use a reliable and legitimate Internet Service Provider because significant security is needed at the ISP level as a first line of defence against pharming. Establish user and device trust to protect against the impact of smishing and phishing scams.
Make sure that you don’t get hooked in 2020!
Register for the latest free iCaaS webinar, Top 7 Cyber Threats For 2020 on Tuesday 28th January at 2:00pm. Reserve your place today by visiting https://myicaas.com/about-us/events/