The type of phishing that most people are familiar with comes in via email. It may be disguised as an email from a company you do business with or from someone in your organization.
Phishing is the #1 threat to cybersecurity because it’s used to deliver just about every type of cyberattack. Ransomware, viruses, credential theft scams, and more… all have been launched via email phishing attacks.
We don’t know if you’ve noticed lately, but there has been an uptick in the number of SMS messages that people receive. Retailers like Shoe Carnival urge customers to sign up for SMS sale alerts to get a percentage off their purchases. Many people also opt to get shipping notifications from retailers via text message.
We now get texts for things we used to get emails for, such as dental cleaning reminders and prescription refill alerts. This increase in the number of people that use your smartphone to bypass a crowded email inbox is not only from these legitimate organizations. Phishing scammers have also figured out their messages get more views if they are sent by SMS rather than email.
in 2020, SMS phishing (aka “smishing”) rose by 328%. During the first six months of 2021, it skyrocketed by nearly 700% more. This is an alarming trend that puts businesses at risk because so much work is done via mobile devices.
Mobile devices make up about 60% of the endpoints in an average organization.
If you’re not yet training employees on smishing awareness, it’s important that you start now. With SMS phishing attack numbers rising rapidly, it’s only a matter of time before your network is infected through a compromised mobile device.
Less than 35% of the population knows what smishing is, which makes it even more dangerous. Following are some of the common smishing scams to watch out for.
“Thanks for your payment. Here’s a free gift.”
This scam takes advantage of the brief nature of text messages to give the recipient as little information as possible. But it sends a big lure in the form of a free gift offer.
The phishing text thanks the person for a recent payment and then gives them a link to claim a “free gift.” Many people will have recently paid some type of bill and may even get payment notifications via SMS from a utility company or mobile provider. This makes the text even more believable.
But any offer of a free gift with a link in a text message is a big red flag that you need to avoid that link because it’s most likely going to lead to a phishing site.
Fake Installation Appointment
One smishing scam is an illustration of how attackers can leverage public information online to fool you. A recent attack used details about an AT&T fiber installation plan. The mobile provider had been installing fiber internet lines underground in several neighborhoods in upstate South Carolina.
As you can imagine, many of the residents signed up for the service when the project was finished. Some of them reported receiving convincing phishing texts claiming to be AT&T wanting more information for their installation appointment.
The accuracy of the timing could easily fool anyone into providing personal information. One savvy homeowner noticed that he was asked for details he had already given to the company and confirmed that this was a scam.
“There’s a Problem With a Delivery”
Even more people shop online these days than they did pre-pandemic. So, getting a shipping or delivery notification via SMS isn’t out of the ordinary. This is another common SMS that phishing scammers take advantage of by sending one of their own.
This type of smishing message will usually impersonate a company like UPS or FedEx. It will state that there is a delivery waiting for the recipient, but more information is needed to deliver the package. It may also say that a small sum of money is needed to release it.
This will include a link to click, which will take the person to a dangerous phishing site that can do a drive-by injection of malware or be set up to steal sensitive information.
Factors that Make Smishing More Dangerous Than Email Phishing
Smishing is even more dangerous than phishing by email. Here are a few reasons why:
- People aren’t expecting phishing via SMS
- Most people won’t know a legitimate sender’s phone number from a fake one
- Scammers can spoof numbers and even make it look like you sent yourself the message
- You can’t easily hover over links in a text like you can in an email
- Text messages are much shorter, so it’s easier to get fooled by a fake one
Get Help Improving Mobile Device Security
Combatting SMS phishing takes employee awareness training and good mobile device security. GEEK911 can help your Silicon Valley area business with both.
Schedule a consultation today by calling 1-866-433-5411 or reach us online.