Information Security and SMiShing :
In the cyber threat landscape, social engineering represents an unquestionable risk to the reputational, financial, legal, and long term health of an organisation. However, in order to provide adequate planning and protection, it is important to remember that the risks of social engineering extend beyond the company email inbox.
Corporate insurer Beazley reported in 2017 that data breaches had increased nine times over the previous year’s tally, causally attributed to a similar increase in social engineering attacks.
Social engineering, which uses deception to defraud and disarm individuals of data to gain unauthorized access to systems, virtual, and physical spaces, is multifaceted in its approach. Scams may arrive in the form of emails, yes, but also in many other forms, including SMS text messages.
SMS social engineering messaging, also known as SMiShing, is in many ways similar to email phishing. A SMiShing target will receive a counterfeit message on their mobile device, containing a link or attachment that is meant to entice them. These messages can come laced with malicious software, links to fraudulent sites, or even phone numbers, all meant to victimise the recipient.
Beyond simply a direct attack, SMiShing is also known to be used in parallel with other social engineering techniques, bolstering the claims to legitimacy by the fraudsters. A phishing email may arrive simultaneously with an SMS text heightening the sense of urgency (for example a bank fraud alert with an SMS text and phone number to immediately confirm a pending charge). Due to their success, these types of multilayered attacks are on the rise, and require our swift action to raise preparedness.
Sample SMiShing - Step by Step Guide:
In order to meet the rising challenges of SMiShing, CRA is rolling out a new service to our top level subscription clients.
This SMiShing manager upholds our standards of ease of use and will be seamlessly adaptable into the your education and awareness programs.
Access to the new tool can be found in the SMiShing Manager, available in the left-hand navigation column.
There, system templates will be available based on current best practices and industry trends, but personalisation and customisation options will also be available for those who may choose to modify existing SMiShing text templates, or create their own versions from scratch.
In order to send these messages, the user template has been modified to allow for inclusion of a mobile device number. Depending on your target audience, these numbers can be manually input, or completed through a mass upload.
Solving SMiShing :
Avoiding SMiShing threats can be straightforward, but it requires awareness, vigilance, and practice. Through the Cyber Risk Aware platform, our SMiShing staging solution can provide insight into common industry trends, and provide your users with real world opportunities to interact with safe SMiShing examples.