Well we have Phishing, what exactly is Smishing?
For those that have a smart phone, or any phone that is SMS enabled (Short Messaging Service) or ‘texting’ are susceptible to this sort of attack vector. A hacker sends a txt message that impersonates a real establishment, the government tax agency or your employer. There are likely goals that the hackers are looking for but any of them are not up to any good. They want your business data, your critical customer information and they want to exploit.
Here are some things to think about and why they might want access via your cell phone:
- if they have found a real person that responds then they are very good at tricking you to follow along a deeper and longer attack that will ultimately end by giving up some information that will help them break further behind your defenses.
- they can install monitoring software the monitor your key clicks
- they can re-route web browser traffic to a hacked site that impersonates a real site you visit
- they can use your mobile phone VPN credentials and redirect networks over the cell network into your business LAN (bypassing your firewalls)
- once they have access to your cell phone they can use your number to beat 2 factor authentication (2FA) by reading and intercepting real SMS messages from your banking or other business resources
- they can port away your cell phone number
- they can become your identity and impersonate you at your credit card, bank or employer
The list goes on and on. Protect yourself and your business by getting educated. If you would like to speak with one of our team members about the risks of Smishing and other attack methods, we would be happy to talk with you. Reach out to us at 905-524-2001 or firstname.lastname@example.org to set up a conversation.
Here are some examples, please note that these are unfiltered for the purposes of education but real examples received last week of Jan 7, 2023.
NetAccess Security Awareness Training – NetAccess provides a comprehensive human security training program via it’s KNowBe4 partnership
https://en.wikipedia.org/wiki/Phishing#SMS_phishing – WikiPedia on Phishing