Over the last decade the world has become vulnerable to the few that wish to exploit the human element. People are the most vulnerable piece of the puzzle when it comes to data loss. Organizations have looked to technology to mitigate their risk and although it does help control their risk, it is still critical to look at the source of the vulnerability and attempt to “seal the leak”.
Phishing is one of the largest and most successful methods cyber criminals use to gain access to credentials, deploy malware, gain access to internal systems, etc. This has only increased because of their continual success; however, it is getting harder. Cyber criminals are begin challenged to change their messaging, to be more targeted, and to do what it takes to get through the SPAM filters. And most important, people are getting smarter. They are more skeptical when they receive an email from an unknown person. But the plethora of data breaches have given these cyber criminals the data needed to break down that skepticism.
Once information is made available on the dark web, cyber criminals can link different data points together to develop targeted attacks against individuals. For example, nefarious actors may also have access to information about workplaces, schools, or other businesses that have been breached. By combining this information, they can learn a lot about a person and fabricate emails that seem legitimate. And it only takes one click.
Cyber criminals spend most of their time trying to find the easiest victim. People are more aware of phishing scams, and many will look at emails more closely. Cyber criminals know this and now their next step is to change it up and send a text or email posing as a company you trust, or even a person you know personally, such as your boss or coworker. Adding smishing, phishing using SMS/text messaging, to the puzzle, it starts to break down the walls of skepticism.
For example, if you are a user of social media such as LinkedIn or Facebook, you have already published key pieces of data about yourself. Next, the data breaches that have already occurred have given additional information to these criminals to be used together to make a more targeted list. Let’s say you are responsible for sending large sums of money on behalf of the company you work for, which can be determined by your job title, you may not even think twice if you get an email with wire transfer instructions from someone who appears to be your boss. Cyber criminals can use similar tactics to convince you to divulge passwords and other credentials for bank accounts, PayPal, or other accounts that could allow them to commit fraud or access the money in your accounts. If you are well trained and educated about phishing, you may not move forward with an email alone; but would you have the same reaction if you received a text message or if you received an email and a text message that seems to confirm it?
The trend of smishing is on the rise and the technology that is there to try to filter out SPAM in your email is not there for your text messages. Cellular providers are going to be faced with a battle to attempt to stop the delivery of these types of messages. Smishing is a reality, and everyone should understand that this is the latest tactic, so be vigilant.
Regardless of Phishing or Smishing, here are some tips to try to avoid falling prey:
|cookielawinfo-checbox-analytics||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".|
|cookielawinfo-checbox-functional||11 months||The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".|
|cookielawinfo-checbox-others||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.|
|cookielawinfo-checkbox-necessary||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".|
|cookielawinfo-checkbox-performance||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".|