Phishing using text message, or smishing (SMS phishing), saw a huge increase over the first half of the year. The increase is attributed to many people shopping from home in 2020, and companies using text messages for confirmation and to communicate with their customers. Smishing messages normally appear to come from banks, Amazon, mobile phone providers, or government agencies. Criminals use stories in the news to form their tactics like fake messages related to COVID contact tracing or messages from the government about tax returns.
Criminals are getting smarter and targeting smishing campaigns now include using the target’s real first name, and phone or bank service they actually use. With so many data breaches recently, criminals are finding it easier to get their hands on more information about an individual and target them in a convincing way. Smishing numbers are up 300% in the US and 700% in the UK.
Corporate IT leaders are concerned about the implications of the increase in attacks on employee smartphones. As an industry, we’ve gotten very good at protecting computers on the business network, but many employees are working from home on consumer-grade networks and using personal and corporate smartphones on a variety of unsafe networks. Hackers targeting employees for business credentials with smishing is the logical next step in these attacks.
Steps to avoid becoming a victim
As with many of these threats, educating your employees is the first step. The messages almost always have a link to click on that’s trying to steal login or personal information. Employees should know never to click on links in a text message or email and provide any kind of information. The text messages are designed to create urgency. They may say an account has a negative balance, or you just won a prize for paying your cell phone bill on time. The second step is to make sure the education sticks. Use an external IT company like Quanexus to test security awareness. Employees need to be able to recognize a suspicious message in the wild.
Quanexus IT Support Services for Dayton and Cincinnati
Request your free network assessment today. There is no hassle, or obligation.
If you would like more information, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn and stay up to date on by subscribing to our email list.
