One of the latest cybersecurity threats to be popularized is phishing through SMS, or fraudulent texts. This is also called smishing. If you’ve ever gotten an unusual text on your phone, or you’re worried about your employees’ use of their personal phones for work, then it is worthwhile to understand what smishing is and how you can protect yourself and your organization from it. People are, for now, less aware of phishing attempts through text than through email. To protect against smishing, you should learn about it now.
What is Smishing?
How do you protect yourself from smishing? First, you need to understand how it works. Essentially, would-be criminals send you fake texts with the goal of getting you to compromise your own information or download malware. It is a form of social engineering, where criminals take advantage of your capacity to trust and your tendency to think of your phone as a safe spot. Many people will follow the links in the texts without a thought, and the phone may then automatically download malware, or the link may lead to a website where they plug in their information. Attackers can then use either your phone or your information for nefarious purposes.
Spotting an SMS phishing attack can be a challenge because the attacks are always changing. A criminal may send out texts to thousands of people per day pretending to be a bank. For many people, this isn’t their primary bank, so the trick is easier to spot. For others, the criminal is pretending to be their bank, which makes it harder to stop and consider whether this is an attack. If that doesn’t work, the next day they could be texting from a new number with a link to a fake version of a website you know, a charity you support, a government agency, or someone pretending to be your friend.
It can be quite alarming when you see your own cell phone number sending you text messages. In this new scam, a majority of cell phone owners have received smishing messages from senders that replicate their own number and cell phone provider. It is easy to get fooled by this type of fraud because many recipients assume the message is safe since their cell phone provider sent it. Be wary when you receive these types of messages, as they are fraud. There has been a recent increase in this type of smishing attack, especially for Verizon Wireless carriers.
How to Stop Smishing Attacks
There are a few different ways you can protect yourself from these attacks. The first is simply to trust your instincts. If you’re asking, “Why did I get a text from myself?” or “Could I really have won money?”, stop and consider whether this is likely to be a smishing attempt, and don’t follow the link in the text or reply. Essentially, if it sounds too good to be true, it probably is.
Next, make it a personal rule that you don’t visit websites by clicking on links in a text. If your government agency or your bank really needs to communicate something to you, you can find their website in your browser and log in there. That way, you know you’re on the real website and not giving away your login or other information to a fake website.
You can also reach out to a company to verify if they are really offering what the text tells you. Is this company really offering a free spa day or a free Apple Watch, and if they are, why do you need to plug in information to get it?
There are also ways to protect your workplace system from smishing attacks that your colleagues might be vulnerable to. The professionals can help.
Is Training the Key to Fight These Threats?
Cyber awareness training for employees across the entire organization is really important in any industry. In fact, it is a requirement for employers to provide all employees with cyber awareness training under data security laws, such as the General Data Protection Regulation (GDPR) and the New York SHIELD Act.
Cyber criminals try to take advantage of human error. The best way to defend against cyber criminals is to think like one. Your employees should be aware of new and evolving scams and be trained on what to do once they identify a scam. The key is to provide REGULAR cyber awareness training.
However, training is only half the battle. There will always be room for human error, even for the most well-prepared employees. We are all only human, after all, and it only takes one mistake to permanently damage a company’s financials, reputation and relationships. The only realistic way to mitigate this growing risk is through a combination of training and technology that can detect social engineering scams and warn people of the threat.