Verizon has renewed its warnings to customers about the threat of smishing, a social engineering approach that relies upon texts as opposed to other communication channels like the email used in phishing. The smishing problem may be smaller than the phishing problem, or the robocall nuisance, but it represents a comparable threat that organizations should address in their risk management process.
SMS texts can have an immediacy that exceeds that found in other communications. They tend to be quick, terse, and largely devoid of context. Fear of losing access to an account and concern for someone who appears to be in trouble are both easily prompted by texts, and either can induce recipients to temporarily suspend their critical faculties.
Verizon offers a few common-sense red flags:
- “The message has no relevance to you. The message is completely random, unprompted and has no connection to you or any activity you’ve undertaken. The spam text message will say you’ve won a contest, a prize or free money. An increasingly popular text scam is one which says there’s a delivery issue with a package.”
- “The message is urgent or needs immediate action from you. The message is urging you to act now. These types of fake text messages could pretend to be your bank or a government agency.”
- “The text message contains misspellings or poor grammar. Spam text messages can be identified by poor grammar, misspelled words and awkward use of language. Real text messages from legitimate businesses will use proper grammar, punctuation and spelling.”
- “The text message is coming from a strange phone number or suspicious email address. If a text message is coming from a lengthy and/or suspicious looking email address it is a spam text message.”
- “The text message contains a suspicious link. This is a huge warning sign. If the text message contains a suspicious looking link, it is a text scam. Do not click on the link or follow prompts from these fake text messages.”
The point, of course, is to help users develop sound, skeptical habits. This is the sort of challenge that new school security awareness training can help organizations overcome.
Verizon has the story.