As the world evolves to become more digital, so do scammers. While many diligent business leaders are aware of phishing or email scams, few have heard of SMiShing. SMiShing is an adapted form of phishing, wherein scammers utilise SMS messages to achieve their goals. Just like phishing, scammers will imitate large and trusted corporations to obtain personal information from people.
Criminals prefer SMiShing as users tend to trust text messages more than their emails, viewing them as more personal and reliable. Like many similar scams, the aim is to prey on a person’s ignorance or ignite a sense of urgency. A smishing scam message could be disguised as a warning from a bank and include harmful phone numbers or links. Once a victim falls for their bait by clicking or calling, they are sometimes even enticed into downloading malware. The end goal is to obtain account information and finances.
Unfortunately, a local Mackay resident has recently fallen victim to this type of scam. The victim – a senior citizen approaching retirement – has lost their life savings of $40,000. As described above, the scammers preyed on the victim’s concern by sending a fraudulent message about suspicious bank activity. When the victim fell for the bait and contacted the scammers, they were coached into incremental transfers that totalled $40,000. The scammers also gained remote access to the victim’s computer, obtaining personal and identifying information. The situation was only halted due to the intervention of a local bank employee.
While this may seem like a residential issue, imagine if the victim in the above scenario was in a position of financial authority in their workplace? What if they had banking information for the business finances too? This could lead to an even larger loss to a business. All in all, a business is made up of individual people – the most valuable yet challenging aspect of cybersecurity.
According to Ponemon Institute, 64% of the attacks covered in their survey could be traced back to the negligent behavior of a staff member or contingent worker.
With this background, you should now understand the threat of SMiShing and be asking yourself what steps you can take to protect your business from a SMiShing attack. As discussed, this needs to be addressed at an individual level.
We have prepared this helpful infographic breaking down some great tips on avoiding a SMiShing scam. Why not print it out for display or send it in a quick email to your team?