Smishing Anyone?
Smishing is almost identical to phishing. A phishing attack uses email to entice you to click. Once you click, they can steal your identity, install malware, and potentially do much more. Smishing, in contrast, uses an SMS message. It is a very targeted exploitation of our mobile platforms and relies upon the fact that these platforms have instantaneous access to a browser. The attack rapidly moves from a bogus SMS message to a penetration of your online banking system, email, and other online accounts. Many consumers are attuned to watching our email. We know what email phishing is common and we are sensitive to it. SMS messages are treated differently. We react to them faster and we almost *always* open each and every message. As an attack vector, it has a much higher probability of success since we are generally more trusting of SMS messages. The obvious needs to be stated – never, ever give out any account information of any kind to someone that sends a text message. This verboten list should include passwords, usernames, pin codes, SWIFT banking codes, or anything of the sort. Beyond protecting your account data, absolutely don’t click on the links in suspect SMS messages – this will immediately compromise your entire mobile device. Then the cyberthieves will have access to everything you do on your mobile device. If you are a business user, this mobile device can now enable the cyberattackers to compromise your entire business networks. We have seen entire health care networks compromised due to the click of one link in a smishing attack. Finally, two-factor authentication is a must for all of your social media accounts, email accounts, and online accounts. Many times online services offer two-factor authentication, but users don’t take advantage of it. A good example is Gmail – many users, both consumer and business, use Gmail servers and don’t take the time to set-up the excellent security that Google offers with two-factor authentication. Take advantage of it!
*** This is a Security Bloggers Network syndicated blog from CipherCloud CASB+ Platform | Enterprise Cloud Security authored by CipherCloud. Read the original post at: https://www.ciphercloud.com/blog/smishing-anyone
