How many text messages from businesses do you get? If you’re like many people, you get 2-3 messages a day on average.
This is because businesses are trying to get your attention and bypass bloated email inboxes. They are urging their consumers to sign up for SMS alerts for everything from shipment tracking updates to sale notices and appointment reminders.
These kinds of text notifications are quite convenient. But retail stores and pharmacies aren’t the only ones using this tactic. Cybercriminals are also using text messaging to send out malicious links.
Phishing by SMS or social media is called “smishing,” and it’s becoming a serious problem for Canadian businesses.
Case in point, in 2020, smishing attacks rose by 328%, and during the first half of 2021, it rose nearly 700% more. Phishing via SMS has become a big risk, especially as many companies failed to adjust their data security operations to a more remote and mobile workforce.
Smishing is very dangerous mostly because many people are simply not aware of it. Cybersecurity experts talked about phishing emails for the past 15 years and everyone should be aware of them by now. But smishing is quite new and not that widely discussed.
Less than 35% of the population knows about smishing.
For some reason, people still think that their phone number is known only to them and to a small group of people they‘ve given it to. But this isn’t the case anymore. Phone numbers are available online through both legitimate and fraudulent methods. Huge contact databases that include names, emails, and phone numbers are being sold online.
SMS scams are harder to detect.
Unlike email you can’t check if sender is legitimate. Most people don’t know the legitimate number from which Amazon shipping updates are supposed to come from. Also, text messages often use shortened URLs which mask the true URL, and it’s not as easy to hover over it and to see hidden URL on a phone as it is on a computer.
Here are some of the most popular phishing scams that you may see in your own text messages:
Who doesn’t love online shopping and getting packages delivered to your doorstep? “Delivery problem“ scam leverages that fact. Scammers pretend to be from a known shipper like FedEx or USPS and send you a message that there is your package being held up for delivery because it‘s missing some details.
They also provide a link that takes you to a “missing details form“ that captures personal information that can later be used for identity theft. Another tactic they use is – ask for a small monetary sum(explained as a missing details fee or etc.) to release your package. In this case, scammers provide a link to the site which captures your credit card information.
This scam is more recent, it happened not that long ago in South Carolina. A small town there had an installation of fiber internet lines. And following the installation, AT&T did a customer drive to sign residents up for the service.
During this time, one homeowner reported that he received multiple text messages that pretended to be from AT&T about scheduled fiber internet installation. He thought it was suspicious because the address they gave was wrong and incomplete. The goal of this scam is to receive a reply with correct address and other personal details that scammers couldn‘t find online.
Another recent smishing scam is a text message that doesn’t name any names or give any other info. All it says is, “Thank you for your recent payment/purchase. Here is a free gift for you.” With a link to the gift at the bottom of the message.
This is a widespread scam that you may have seen yourself. It plays on two simple facts. The fact that most people would’ve bought something or paid some type of bill recently and the fact that people love getting free gifts. Scam lures people in with the promise of giving them a gift but all it does is collects their personal data or makes them download some type of malware.
If you thought that having your personal phone hacked is bad enough, imagine what can happen if your C-suite employee gets his device hacked. It could wreak havoc on your business operations and cripple your company if it‘s not dealt with quickly. Smishing scammers are very clever and very dangerous. They combine newest technologies, social engineering and a fact that SMS scams are not widely known to potential victims. Do you have the proper security features installed(mobile antivirus, DNS filtering, etc.)? Is your team aware of dangers of phishing emails and smishing scams?
If not, schedule a quick 10-15 minute call with us at any convenient for you time. Let‘s discuss where is your company now in terms of cybersecurity and how we can help you protect it even better!
EB Solution has been in IT Support business for more than 11 years, working with companies of different sizes from different industries. We employ professionals who know everything about cybersecurity, business continuity and disaster recovery, VoIP technologies, networking, and IT management overall.