Phishing attacks have long been associated with malicious links in an email that redirects an employee to an unsecured website, or an impersonator using the old-fashion telephone call to lure an unsuspecting employee to give critical business information.
While these phishing attacks have been around for some time, there is an ever-increasing threat that is rising in frequency over the past few years that business should be concerned about: SMS Phishing, or more commonly known as “SMiShing”.
In fact, according to Secure List, Kaspersky Lab data suggests SMiShing rates increased 300 % between April and June 2017 alone.
Compared to traditional email phishing, SMiShing is a kind of mobile phishing attack wherein the attacker sends a text message with a single link to a fake account login page. For example, an SMS text message seemingly from your bank may ask you to urgently verify your PIN number so they can ensure your account has not been breached; or a notice from the IRS that your filing is overdue and just click here to send in your information and avoid prosecution.
Why Is Phishing on the Rise?
Although SMiShing is nothing new, recent trends show that it is quickly gaining traction for several reasons.
First is the fact that most email platforms today are better at detecting phishing emails. The same level of development is yet to be seen in commercially available text messaging apps.
Second, the number of companies who have a BYOD culture has increased over the years. This means the attackers know they can exploit corporate resources by breaching personal devices, given that only 13% of companies reported having a policy in place to limit the use of texting for work-related tasks.
Lastly, there have been several data breaches in recent years where mobile phone numbers were compromised and possibly were sold in criminal markets along with other personal data. This includes the 2016 Uber breach incident which potentially exposed the personal information of their 57 million users and drivers worldwide.
How to Protect Your Organization Against Smishing?
SMiShing is said to be one of the most difficult attacks to monitor and deter. One reason for such is “user fatigue”. Given the volume of text messages an average employee receives per day, attackers exploit their target’s complacency to their advantage to steal information.
Nevertheless, companies can still reduce their risks by taking the proactive approach and setting up necessary policies and putting systems in place to bolster up their enterprise text messaging network.
Here are some more tips to help minimize your risk against SMiShing:
- Provide training which includes simulation exercises in order to increase employee awareness and improve user behavior and knowledge of information security threats. A survey by Wombat Security Technologies revealed that only 16% of all respondents knew about SMS/text-based phishing.
- Have BYOD policies in place, which should detail what your employees must do when they receive text messages that ask them to perform some action, such as clicking a link, calling a phone number, or even replying.
- Lastly, having a secure enterprise messaging solution in place — to monitor and track any traffic directed at phishing sites — can significantly minimize your risk of SMiShing. This platform should enable you to capture text messages received by your employees on their mobile devices, and search for flagged terms and suspicious links in real-time.
TeleMessage is a robust, secure enterprise messaging solution that features built-in protection against malicious links by restricting use solely to authenticated users. It also provides centralized control over the mobile communication taking place within your business. This feature helps ensure that when your employees receive a message from C-level executives of your organization, they can be sure it’s from them and not from imposters.
Our Mobile Archiving Platform should also enable you to capture and supervise text messages across a wide variety of devices – BYOD or company-owned. With this platform, enforcing granular policies and flagging and reviewing text messages will be much faster, simpler, and consistent in the long-haul.
Contact us today to learn more about our enterprise messaging solutions.
