Smishing relies on the same tactics as phishing. The major difference between these two cyberattack techniques is that smishing targets victims through text messages instead of emails. As a growing number of people use their smartphones for both personal and work-related purposes (e.g., interacting with colleagues and clients on mobile applications), smishing has become a rising threat. In fact, in 2021, the Canadian Anti-Fraud Centre recorded 4,451 reports of phishing and 1,323 reports of spear phishing, both of which can involve texting platforms.
Smishing follows the same format as phishing, using deceptive messages to manipulate recipients. These messages are generally sent via text but can also be delivered through mobile instant messaging applications (e.g., WhatsApp). In these messages, cybercriminals may use a wide range of strategies to get their targets to share information or infect their devices with malware. Specifically, they will likely impersonate a trusted or reputable source and urge the recipient to respond with confidential details, download a harmful application or click a malicious link. Here are some examples of common smishing messages:
If a recipient is tricked into doing what a smishing message asks, they could end up unknowingly downloading malware or exposing sensitive information, such as login credentials, debit and credit card numbers or Social Insurance Numbers. From there, cybercriminals may use the information they obtained from smishing for several purposes, such as hacking accounts, opening new accounts, stealing money or retrieving additional data. Since individuals may use their smartphones for work-related tasks, smishing has the potential to impact businesses as well. For example, an individual who falls for a smishing scam could inadvertently give a cybercriminal access to their workplace credentials, allowing the criminal to collect confidential data from the victim's employer and even steal business funds.
The nature of smishing has made this cyberattack technique a significant threat. This is because individuals are typically not as careful when communicating on their smartphones as they are on their computers, often engaging in multiple text conversations at a time (sometimes while distracted or in a rush). Due to the large number of texts sent and received daily, individuals may be less wary or observant of a message from an unknown number than of an email, making them more likely to interact with a malicious text message.
Furthermore, many individuals falsely assume that their smartphones possess more advanced security features than computers, thus protecting them from harmful messages. However, smartphone security has its limits. Currently, these devices are unable to directly safeguard individuals from smishing attempts, leaving all smartphone users vulnerable. That's why it's important for businesses to take steps to protect against smishing.
To effectively minimize smishing exposures and prevent related cyberattacks, businesses should:
Smishing is a serious cyber threat that neither individuals nor businesses can afford to ignore. By staying aware of smishing tactics and implementing solid mitigation measures, businesses can successfully protect against this rising cyberattack technique, deterring cybercriminals and minimizing associated losses.
May 9, 2022
Most people are familiar with phishing, a cyberattack technique that entails cybercriminals leveraging fraudulent emails to manipulate recipients into sharing sensitive information, clicking malicious links or opening harmful attachments. While these email-based scams remain a pressing concern, a new form of phishing, known as smishing, has emerged over the years, creating additional cyber exposures for both organizations and individuals.