The Growing Threat of Smishing Attacks

Posted
01/17/19
This notice is archived content and this information may no longer be accurate.
T&I Information Security LogoGrowing Threat of Smishing Attacks

The blurred line between professional and personal security is apparent in the increasing popularity of Smishing attacks.
“Smishing” is phishing that targets the SMS (hence the ungainly term—SMiShing, get it?) text messages we all spend so much time with these days.

On the rise

The rising number of high-profile smishing campaigns has prompted government agencies and mobile carriers to publish guides to help customer’s spot messages from fraudsters.
In one recent prominent campaign, scammers posed as an attractive young woman and targeted young men, directing them to a fake dating site designed to harvest their data.
In another example, the UK saw a major smishing surge after an attack caused a major breach at a bank. That attack was notable because the criminals started with a wave of phishing emails impersonating the bank, then followed up with text messages to those who had fallen for the email.
Combining the two mediums that way proved an effective method for criminals to establish a sense of legitimacy. Consumers tend to assume communications are genuine if they’re contacted in different ways.

Targeting business data

So far, the high-profile smishing campaigns have been aimed at consumers. Make no mistake, though: smishing is also a powerful technique for spearphishing an organization. Impersonating an authority figure via text can trick victims into sidestepping security concerns and giving up information.

Experts say preventing smishing attacks is a difficult challenge from a technical standpoint. Malicious texts are much harder to automatically identify and block than phishing emails, and companies can do nothing about stopping attacks targeting a user’s personal mobile phone.
You can do your part by never clicking links in text messages, and by using common sense. Always take an extra minute to confirm that a texted request actually comes from a legitimate source.

Security FYI Logo

Word Vulnerability Lets Hackers Seize Control of PCs

Microsoft recently admitted that a flaw in its popular Word software bestows on hackers the same rights as those enjoyed by legitimate users. The vulnerability, which affects all PC versions of Word, is worrisome because there are hundreds of millions of copies worldwide. Cyber attackers often use similar flaws to seize remote control of PCs, using them to send spam, download malware, and commit other crimes. The software giant did respond to the breach quickly, offering a security “patch” that changes the way Word parses files and thus prevents the attack.

Thieves Steal $2 Million from Gas Station ATMs

Thirteen men were recently indicted for allegedly using Bluetooth-enabled skimmers to steal more than $2 million from customers at gas stations across the Southern United States between 2012 and 2013. Skimmers are devices criminals can clandestinely affix to the front of ATMs to gather debit and credit card information, along with corresponding PIN data without consumer knowledge. Prosecutors say the ring would steal identities in the South, and then use the account numbers at ATM’s in New York City and deposit the cash in banks there. Another ring member would immediately withdraw the money in California or Nevada. According to court documents, in the year the ring is known to have operated the thieves stole more than $2,000,000.

Car Gadgets Raise Privacy Fears

Consumers want their cars to be more connected, but smarter vehicles are raising concerns about protecting driver privacy. New cars carry computers and wireless communication packages that track everything from where the car is driven to what speed it travels. While drivers want turn-by-turn directions and real-time traffic updates, they wouldn't want data about their trip to result in a speeding ticket showing up in the mail. The auto industry is aware of these concerns. Ford CEO Alan Mulally recently said, "Our homes, the cars, everything is going to be on the Internet. Everything's going to be connected. And so what are the guidelines? What do we want?" Ford and other carmakers are cooperating with regulators in considering what privacy protections are needed for driving-related data.