Smishing and fishing: the costly parallel
By Nikhil Shoorji, Managing Director at Infobip
Much like a fisherman using realistic bait to attract fish to their hook, fraudsters capture people’s attention with a variety of tactics designed to engage without arousing suspicions. Fraudsters are taking advantage of the chaos caused by two years of a global pandemic and an impending recession to steal personal information or spread malware under the guise of legitimate companies.
This is particularly alarming given the use of SMS messages for important updates and authentication. Infobip research recently found that 69% of respondents used SMS text messages for authentication or one-time passwords and 44% said billing updates are the types of texts they regularly receive. With SMS phishing on the rise, having such a key platform as a site of fraud is a very present and looming threat.
Back to basics
Smishing is simply the SMS equivalent of phishing in that the ‘bait’ message is delivered by SMS rather than email. Effective smishing attacks rely on a recipient taking an action that they would not otherwise have taken. This could simply be clicking on a link in an SMS message or submitting private information by return SMS or via a fake landing page.
There are mainly three types of smishing attacks:
1. Copycat marketing
In a grey area of the law, a business may contact a person while pretending to be, or simply suggesting that it is, a well-known brand that the person already knows and trusts. The victim is then deceived into viewing a product or offer that they would not otherwise have paid any attention to. You could receive a message such as “You’ve won a competition!” for a competition that you never entered.
2. Malware attacks
This type of attack is malicious but has limited sophistication. Recipients are fooled into believing that the message is from a legitimate source, but this time the link they are encouraged to click on will download malware onto the device that could infect it and potentially distribute itself automatically via the phone’s contact list.
All modern smartphones have security features that stop the silent downloading of malware, but these features are far less effective when users voluntarily download something or share their personal data.
3. Fake landing pages
The most brazen, sophisticated, and costly form of smishing is where fraudsters mimic messages from legitimate businesses to their customers, encouraging them to visit a fake landing page where they are instructed to enter personal information and login credentials which are then stolen and used to access the real accounts.
The most successful smishing attacks will also incorporate social engineering tactics. Harvested information will often be stored and used in a later attack. After sufficient time has passed, the victim will not put two and two together and realise they’ve been scammed.
For a smishing attack to occur, fraudsters first need your mobile number, and you may ask how they got it in the first place. Here are 3 ways:
- Data breaches: When hackers gain access to an organisation’s customer database, the information they steal could include anything from login and password details to addresses, and of course mobile phone numbers.
- Website scraping: Your phone number may be listed in multiple legitimate places on the internet, from old social media profiles to clubs that you once belonged to. Fraudsters use software that continually scans the internet looking for combinations of numbers that look like phone numbers.
- Saved form data on your browser: Depending on your browser settings, when you fill out a web form the information that you enter can be saved in memory so that the browser ‘remembers’ your details the next time you fill out a similar form. If this data is not locked down by the browser, it can be found and extracted by malware that then transmits it to external third parties.
So, how can we stay alert? The onus is on telecom providers
As the sophistication of smishing attacks grows, it becomes even more difficult to recognise them; the onus is on telecom operators to take charge. It is actually in their best interest to take a proactive approach. A successful attack will erode confidence in application-to-person (A2P) messaging, causing customers and the brands they buy from to move away from SMS and onto other messaging platforms.
Mobile operators should not fear: they have an ally in partnering with the right vendor. An SMS firewall defends mobile networks against all SMS-based messaging attacks. All messages routed through the firewall are analysed. This technology can help secure their mobile ecosystems. The right provider with a rich set of tools can provide:
- Links to a continually updated database of malicious URLs that can be automatically blocked in real-time
- Proactive threat detection which uses machine learning to preempt attacks
- Automated responses to identified threats
- Detection of MSISDNs that are not “real customers” based on SIM box detection that can provide MSISDN reputation analysis
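A minimal sketch of the blocklist lookup and automated response from the list above, as an added example and not Infobip's or any vendor's implementation. The `SmsFirewall` class, the blocklist entries and the per-sender strike counter (a simplified stand-in for reputation analysis) are all assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Links in SMS often omit the scheme, so match bare "host.tld/path" too.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def extract_hosts(text):
    """Return the lower-cased hostname of every link in an SMS body."""
    hosts = []
    for match in URL_RE.finditer(text):
        url = match.group(0)
        if not url.lower().startswith(("http://", "https://")):
            url = "http://" + url  # urlsplit only finds the host after a scheme
        host = urlsplit(url).hostname
        if host:
            hosts.append(host)
    return hosts

class SmsFirewall:
    """Hypothetical filter: URL blocklist plus a per-sender strike counter."""

    def __init__(self, blocklist, strike_limit=2):
        self.blocklist = set(blocklist)   # known-malicious domains
        self.strike_limit = strike_limit  # blocked messages before quarantine
        self.strikes = Counter()          # blocked-message count per sender

    def _blocked(self, host):
        # Match the host itself or any parent domain, but never the bare TLD.
        labels = host.split(".")
        return any(".".join(labels[i:]) in self.blocklist
                   for i in range(len(labels) - 1))

    def screen(self, sender, text):
        """Return (action, reason) for one message."""
        if self.strikes[sender] >= self.strike_limit:
            return "block", "sender quarantined"
        for host in extract_hosts(text):
            if self._blocked(host):
                self.strikes[sender] += 1
                return "block", "blocklisted host " + host
        return "deliver", None

# Constructed sample data: these blocklist entries are illustrative only.
BLOCKLIST = {"parcel-redelivery.example", "secure-bank-login.example"}
```

Matching on parent domains means a blocklisted domain also covers its subdomains, and hostnames are lower-cased before lookup so mixed-case links are still caught.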
With all that’s going on, in a time where consumers are particularly weary, and competition is fierce in the messaging space, telecom providers need to remain dependable. Using SMS messaging for any form of alert, whether big or small, should be simple. With the power of an SMS firewall, telecom providers can be an aid and make one part of life just that little bit easier.