On the ninth day of Christmas… A smishing scam finds you

December 19, 2018 12:02 pm Ernest Bankhead

How did we ever function without mobile phones?

With over 5 billion mobile phones in the world, it’s hard to remember a time without them. Cybercriminals have also noted this increase in use and are using the platform as a way to trick people into divulging sensitive information. The danger in the corporate environment is that we frequently use our phones to communicate sensitive information and access company networks. This acts as a magnet to criminals who are keen to get their hands on this valuable corporate data.

Smishing is a type of phishing which uses SMS messages as opposed to emails to target individuals. It’s used by criminals to encourage individuals to disclose personal information such as account details, credit card details or usernames and passwords. The fraudster sends a text message to an individual’s phone number, usually with a call to action that requires an immediate response.

Smishing messages purport to be from a legitimate organisation, usually a bank or other financial institution, and will almost certainly create a sense of urgency. They may even appear to be from a colleague or your IT help desk. The message typically claims that you must confirm your details or your account will be locked or your card cancelled. They usually provide a link or a telephone number for your “convenience”.

You should never reply to these types of messages. If a message demands urgent action, stop and think about it reasonably. Smishing cyber-attacks can impact you, your team or your company. Once your smartphone has been hacked, cybercriminals can steal sensitive data, launch attacks, and use your email account to launch a phishing attack on your colleagues or plant malware on servers.

It’s important to be cyber aware and educate yourself on the dangers of these attacks and how you can try and prevent them.

To protect yourself from a smishing attack, you should:

  • Be wary about text messages requesting personal and/or financial information. Go directly to the company’s website to verify the claim.
  • Be wary of text messages urging you to act now so you don’t miss out or get locked out. This is a common tactic used by cybercriminals to prompt you into action.
  • Avoid clicking on links or responding to numbers that you don’t know.
  • Stay alert to telephone numbers that do not look like a mobile number, e.g. too short or too long. Cybercriminals will often mask their identity by using email-to-text services.
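
The four warning signs in the list above, expressed as a triage check that a help desk or security team could run over texts reported by staff. This is an added example, not MetaPhish code; the keyword patterns, the 7 and 15 digit length thresholds and the sample messages are assumptions constructed for illustration.

```python
import re

# Keyword patterns are illustrative assumptions; tune them for your own reports.
PERSONAL = re.compile(r"\b(password|pin|username|account details|"
                      r"card (number|details)|confirm your details|verify your)\b", re.I)
URGENCY = re.compile(r"\b(act now|immediately|urgent|within \d+ hours?|"
                     r"locked|suspended|cancelled|expires?)\b", re.I)
LINK = re.compile(r"(https?://|www\.)\S+", re.I)
CALLBACK = re.compile(r"\bcall\b.*?\+?\d[\d\s-]{6,}\d", re.I)

def sender_flags(sender):
    """Return reasons why a sender ID does not look like a mobile number."""
    if "@" in sender:
        return ["sender is an email address (email-to-text service)"]
    digits = re.sub(r"[\s()+-]", "", sender)
    if not digits.isdigit():
        return []  # alphanumeric sender name: length tells us nothing
    if len(digits) < 7:   # assumed lower bound for a full mobile number
        return ["sender number too short"]
    if len(digits) > 15:  # E.164 numbers have at most 15 digits
        return ["sender number too long"]
    return []

def triage(sender, body):
    """Return the list of warning signs found in one reported text message."""
    reasons = sender_flags(sender)
    if PERSONAL.search(body):
        reasons.append("requests personal or financial information")
    if URGENCY.search(body):
        reasons.append("urges immediate action")
    if LINK.search(body) or CALLBACK.search(body):
        reasons.append("contains a link or call-back number")
    return reasons

# Constructed sample messages (not real traffic).
SAMPLES = [
    ("bank-alerts@mail.example",
     "Your card will be cancelled. Confirm your details now at http://bank.example/verify"),
    ("+44 7700 900123", "Running 10 minutes late, see you at the cafe"),
    ("12345678901234567",
     "URGENT: your account is locked. Call 0161 496 0000 immediately"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        found = triage(sender, body)
        print(f"{sender}: {len(found)} warning sign(s)")
        for reason in found:
            print(f"  - {reason}")
```

A message with no warning signs is not proven safe; the check only helps prioritise which reported texts to look at first.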

MetaPhish provides a powerful defence against phishing and ransomware attacks by training employees how to identify and respond appropriately to these threats. Get in touch for further information on how we can help protect your business.