Thinking Skeptically About Smishing

Organizations need to train their employees to be on the lookout for SMS phishing (smishing), according to Jennifer Bosavage at Dark Reading. Bosavage explains that attackers exploit normal human behavior to gain access or information from employees.

“Cyberattackers leverage the way people typically respond to certain social situations to trick them into disclosing sensitive information about themselves, their businesses, or their computer systems,” Bosavage writes. “Even the smallest amount of data can be useful to hackers who are trying to complete a profile that will enable them to get access to credit, banking, and other sensitive information. So the first line of defense is to train employees to recognize their telltale but often subtle signs, as well as how their information can be used in a social engineering attack.”

Bosavage quotes April Wright, a security consultant at ArchitectSecurity.org, as saying that attackers can easily obtain open-source information to make their phishing messages appear legitimate.

“With both smishing and vishing, the source may have some information that makes them seem credible – names of co-workers, a boss’ name, phone numbers, department names, etc.,” Wright said. “These are the seemingly trivial information they have gained via intelligence gathering, [smishing], phishing, or vishing. The most important thing we can do is verify.”

Wright added that employees need to have a healthy sense of suspicion in order to recognize these scams.

“We need to realize that not everyone is good and be on the lookout for questions people don’t normally ask, for that feeling when ‘something isn’t right,’” Wright said. “That feeling has kept humans alive and safe for hundreds of thousands of years, and we should listen to it. It’s there to alert us to danger.”

New-school security awareness training can provide your organization with an essential layer of defense by teaching your employees how to avoid falling for these attacks.

Dark Reading has the story.

SOURCE: knowb4.com

Principal Owner, Marketing Firm

Bringing IT360 on as our technology services “department” was one of the smartest business decisions we’ve made. Over the years, we’ve tried various similar services and have also hired internal IT staff, and we’ve never felt confident that we were adequately supported. IT360 has changed all that. They not only provide proactive, comprehensive technical support and consulting, they engage with us in a way that feels like they are part of our company…a true business partner.

Principal Owner, Marketing Firm

Recent
Technology News

IT360 News
Vaccine Research Companies are the Target of New Ransomware Attacks

The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) warns financial organizations to be aware of campaigns actively targeting vaccine companies If you’re a ransomware gang and you want to maximize your ransom, who do you attack? An organization working feverishly to potentially make billions of dollars via a desperately needed vaccine, of course! Take […]

Read more
IT360 News
[HEADS UP] Allowing Site Notifications Can be Very Costly

Krebs on Security reported that there have been an increasing number of websites asking visitors to approve ‘notifications’. In most cases these notifications are not malicious, but several firms are paying site owners to install notification scripts to sell to scammers. Normally, a website will ask permission to send notifications (as long as you approve […]

Read more