Criminals have become more complicated in their efforts to dupe and steal from their unwitting victims. While this is already a given and should not come as a surprise, it still needs to be pointed out again and again as these criminals continue to be brazen in their activities.
One such example of this brazenness is the rise of smishing.
Smishing is perhaps a term that many are not familiar with but once one learns the definition, it is something many know too well. The term itself is a combination of the words SMS and phishing, in which dubious parties would send text messages appearing to be from a colleague to deceive recipients into sharing information or money that these criminals can use for their own benefit.
One example would be an employee who would receive a message supposedly from their boss asking to provide some sensitive information for an important transaction the criminal in disguise is trying to accomplish. Or one impersonating as an IRS agent in a message threatening to shut down the business unless the business pays a specific amount.
A growing threat
Unfortunately, smishing has victimized many, and criminals managed to amass millions as a result. In the United States alone, smishing attempts more than doubled in the last year according to the "State of the Phish" report by Proofpoint. Contributing to this rise is the finding that 64% said they use personal phones/smartphones for work purposes.
This is contrary to the global findings wherein 73% of global respondents said they use employer-issued devices for work, which entails that businesses have greater control over their team’s devices and thus can easily implement security measures to crack down on smishing attempts either on the onset or before they can victimize anyone in the team. By contrast, businesses would have little (if any) control on personal owned devices, leaving these devices to be more vulnerable to cybercriminal activities.
The best defense against smishing
At the moment, the technology that would effectively deal with smishing is yet to be fully realized. So for now, the best way to avoid falling into such traps is to for such smishing scams is to pause before clicking on any links and/or providing the information requested by a possibly dubious party. Verify first the veracity of the request. If there is a suspected assumption of a false identity, do not respond or end the conversation and get in touch with the person themselves to see if they made the contact.
Vigilance remains the most important defense and no one should allow themselves to let their guard down, not even for a minute.