The word ‘SMiShing’ may sound like gibberish — we think it’s a weird one — but some of the world’s largest enterprises are losing millions of dollars to these scams every year.
Similar to phishing, the fraudulent act of sending imitation emails claiming to be a corporation in order to obtain personal information from customers, SMiShing uses SMS (short message service) to achieve the same outcome.
Scammers are taking to SMS to prey on people’s trust, (A text message feels more personal than an email nowadays.) panic or sense of urgency. These messages are disguised as a warning from your bank about an unauthorized charge or an alert about an unidentified user accessing one of your accounts. The goal? To lure you into providing account information — such as a login name, password or credit card info — by tapping on a link and entering your information into a look-alike website.
SMiShing is only one tactic used to steal personal information. People must also be wary of the following:
- Spoofing: Hackers set up fake connections in high-traffic areas such as airports, libraries or coffee shops and use a generic name to encourage people to connect. Often times, users must create an “account” and include some sort of personal information in order to connect. As many individuals use the same email and password combination for a variety of services, hackers use this to compromise their email and other secure information.
- SIM swap attacks: This is one of the fastest-growing and most devastating fraud vectors tormenting consumers and organizations alike. According to Javelin Strategy & Research, in 2017 account takeover attacks via SIM swaps cost Americans 62.2 million hours of lost time and $5.1 billion in monetary losses. Organizations that fail to protect their users may find themselves liable (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/security-awareness/caught-smishing-scam/