New year, new resolutions. New year, new scams.
While the majority of threats have been around for a while, including SMS Phishing, the ever increasing threat and rising frequency of them makes us take notice.
If you’ve never heard of the term SMiShing, it’s the same as getting sent a phishing email but it arrives to your phone in the form of a SMS (text message).
A SMS is sent to your phone that appears to come from a trusted source or contact, usually alerting you to some kind of problem that needs immediate attention.
Like any phishing attack, the message will include a link that is designed to look legitimate but will redirect you to a fake site, where the goal will be to either steal your credentials or install malware.
The huge amount of devices out there provide fertile ground for any hackers or scammers looking to gain access. The increase of workers utilising BYOD (bring your own device) and using their personal devices to access things like email etc, mean attackers can gain access to corporate resources much easier.
Also with the rise of companies providing security and phishing training to their staff, people are getting better at recognising phishing emails, so hackers are looking at different methods to get through.
Lastly, there have been multiple data breaches in recent time that include mobile phone numbers, so hackers have more information on their targets. Think back not long ago to the Uber breach and imagine how many personal phone numbers were compromised.
SMiShing uses the same techniques as phishing emails, so make sure you are keeping your staff informed and trained.
Ask them to think twice about unexpected text messages that ask them to perform some action urgently. Follow the same principals of phishing training but make sure your staff are aware these techniques are not confined to emails.