In this digital era, ‘smishing’ is increasingly becoming popular, and hackers capitalize on it highly.
With the rise in digitization, people have got used to gadgets and notifications. Similarly, the attack landscape is also evolving. The rising attack of phishing messages delivered via SMS – known as smishing, has been hitting users globally in the past few months.
The fraud messages are impersonating payments, streaming services, and package delivery for various sectors. This list includes government organizations, healthcare, IT and email providers, e-commerce companies, hospitality organizations, and more.
Phishing with SMS is widespread since it is effective
The goal of the cyber-attackers is to get users and share sensitive information via SMS or by entering it into a spoofed website. Indeed, most phishers are looking for personal and financial data, online banking, or other account credentials, tax information, electronic IDs, etc., since these are worth their efforts.
At times, the objective extends to getting victims to sign up for pricy services or installs mobile malware. Lately, the fake messages for consumer fraud take the form of alerts around receivers being eligible to apply for the COVID-19 vaccine, notifications about deliveries or requirements to pay, and so on.
As per experts, the variety of lures is seemingly endless. Certainly, they are designed to take advantage of users’ emotions and cognitive failings, trust in authority, or unfamiliarity with technologies. Being contacted via SMS by services and government institutions is now less unusual as we advance.
In this context, John Ayers, Chief Strategy Product Officer at Nuspire, says – “With the increase in phishing and ransomware attacks, most companies are already compromised—and they aren’t aware of it. The reality is that employees are leveraging consumer internet with no controls, which is essentially a buffet line for cyber attackers. These attacks will primarily involve various forms of phishing, including by email, voice, text, instant messaging, and even third-party applications.”
Indeed, most of these red flags are hard to spot on mobile devices, and such occurrence is rare as they are targeted attacks. Such smishing attempts usually originate from unknown, unlisted phone numbers, and thus it becomes tricky to verify the sender’s identity. Besides, it is difficult to see where the compressed URL is included in the message as people cannot hover with a mouse pointer to check.
Unfortunately, up until the telecoms operators come up with more operational ways to inhibit phishing SMS tactics from getting delivered, users are required to be careful. In fact, people should not trust implicitly every SMS they receive. Indeed the attackers will regularly come up with new tricks and consistently reach out to exploit.