When we described Social Engineering Attacks, we talked about phishing (cyber attacks carried out using email). Phishing is all about convincing you to act immediately by clicking on a link or opening an attached document, which results in a hacker getting access to your sensitive business or personal information.
If you follow the few simple rules we laid out for detecting phishing emails, you will get good at stopping phishing attacks really quickly.
Unfortunately, just about any form of electronic communication can be used for Social Engineering Attacks. With the rise of instant messaging as a viable business communication tool (think Slack), you need to know about phishing’s first cousin: smishing.
Much like phishing, the whole point of smishing is to get you to click on an embedded link without thinking. This is usually accomplished by sending you a message that will make you worried (your bank is about to suspend your account or cancel your credit card) or excited (you just won a lottery you’ve never heard of).
With smishing, an attacker wants you to click on a link included in the message to download mobile malware, visit a malicious website, or call a fraudulent phone number. Since most of us now do a lot of our banking on our smartphones via apps, with confirmations and activity notifications arriving by SMS, a lot of smishing tends to focus on pretending to be from your bank or credit card company. Here are some examples of real smishing attacks with the bank names replaced with the word bankname:
And, of course, none of those URLs belonged to a bank. They pointed to malicious websites.
The rules that allow you to avoid most smishing attacks are easy to remember:
And whenever you get instant messages about your bank accounts, credit cards, etc.:
Do your research and verify the instant message is legit. If a financial institution is threatening to cancel your card immediately, don’t click on the link or call the number embedded in the message. Call the real customer service number on the back of your credit card or bank card and talk to a customer representative about it.
Following these guidelines will help reduce your risk from smishing. However, as more businesses adopt instant messaging as a preferred method of communication, the intensity of smishing attacks is guaranteed to increase.
Want to know more about how to better protect your business against smishing and other types of social engineering attacks?