Social Engineering at Work: Part 4 – SMiSHing

warning sign on mobile phone

Social engineering is when “persuasion” takes a darker turn. In a broad sense, it includes any action that attempts to influence a person to act against their best interests. This is the last of a 4-part series on social engineering and how it affects your business.  We have covered Impersonation, Email Phishing, Vishing, and finally SMiSHing.

SMiSHing

SMiSHing applies phishing tactics through text messages.

Although this channel is less effective at convincing victims of the sender’s authority, attackers find other uses.

Fake shipping service in Japan

In an on-going SMS phishing attack in Japan, victims receive text messages claiming to be from a parcel delivery service. The message guides victims to a website with more information.

Rather than collecting information online, the site prompts users to send personal information via SMS.

A variation of the attack encourages victims to install a smartphone app. The mobile malware intended to collect login credentials and credit card info and send SMS messages to more potential victims.

SMS phishing via Atlanta

Two Romanian hackers were extradited to the U.S. in April for an elaborate phishing scam that leveraged SMiShing and vishing.

From Romania, the pair used compromised computers around Atlanta to send thousands of automated phone calls and text messages throughout the U.S.

The messages claimed to be from a financial institution and directed victims to call a phone number to resolve a problem. After calling, victims were prompted to enter their bank account numbers, PINs, and/or social security numbers.

The hackers collected more than 36,000 bank account numbers, according to court records.

What You Can Do About It

First, always be aware that these scams exist and keep your guard up. More importantly, partner with a trusted IT service company, who takes on the job of protecting your business from cybercriminals.

For more information, a security assessment, or help training your employees on cyber safety, call mPowered IT 678-389-6200.