One Article Review

The article:
Source AlienVault Blog
Identifier 2003468
Publication date 2020-10-30 05:01:00 (seen: 2020-10-30 05:06:17)
Title What is Smishing? SMS phishing explained
Text This blog was written by a third party author.

What is SMS phishing?

SMS phishing, or "Smishing," is a mobile phishing attack that targets victims via the SMS messaging channel rather than through email. A natural evolution of the phishing phenomenon, smishing attacks attempt to dupe mobile users with phony text messages containing links to legitimate looking, but fraudulent, sites. These smishing sites try to steal credentials, propagate mobile malware, or perpetrate fraud.

Though smishing has crept into users' text messaging streams for over a decade now, the technique has long flown under the radar with relatively small global attack volumes over the years. However, that's changing as cybercriminals seek to profit off of today's mobility and remote work trends. Approximately 81% of organizations say their users faced at least some level of smishing attacks in 2019.

Right before COVID-19 hit, smishing volume was already on the uptick. Between the last quarter of 2019 and the first quarter of 2020, mobile phishing attacks—including smishing—rose by 37%. As the lockdown era spurs on a wave of remote work and increased reliance on mobile devices, smishing numbers continue to climb. One study reported a 29% growth in smishing between March and July 2020.

"On a small screen and with a limited ability to vet links and attachments before clicking on them, consumers and business users are exposed to more phishing risks than ever before," says IDC's Phil Hochmuth. "In a mobile-first world, with remote work becoming the norm, proactive defense against these attacks is critical."

Common types of Smishing attacks

The allure of smishing to the cybercriminal community has obviously grown stronger due to a greater prevalence of text messaging in mobile users' lives in recent years. However, the bad guys are arguably even more drawn to smishing due to the differences in how users interact with SMS messaging compared to email.

The sense of urgency is higher for text messages and their open rates are considerably higher than email. According to MobileMarketer.com, while email recipients only open about 20% of their messages, SMS recipients open 98% of their texts. Consequently, big brands are increasingly using text messages rather than email for things like marketing messages, shipping verification, and account notifications.

Added to the mix is the preference for SMS as a channel for multi-factor authentication, meaning that many mobile users have been habituated to interact with text messages in some way or other during the login process of many of their cloud, retail, and banking accounts.

All of this creates a prime breeding ground for smishing attackers to perpetrate their fraud, as users are highly engaged with and very likely to act quickly on most text messages that come their way. The bad guys take advantage of that sense of immediacy and tailor the attacks to mimic the various ways that brands regularly interact with customers via SMS.

Listing common SMS phishing tactics

Some very common types of smishing messages include:
- Fake shipping notifications
- Tech support impersonation
- Phony bank account balance warnings
- Counterfeit customer service notices
- Prize notifications for made-up rewards
- Bogus Covid-19 contact tracing messages

These messages are used to trick the user into either downloading a fraudulent app or opening a link to password stealing or fraud-inducing mobile sites. Further aiding the
Sent Yes
Tags Threat


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.