How text message phishing can affect the enterprise
Phishing is a digital threat that has grown since the birth of the internet, and it has evolved to encompass a broader range of endpoints and vectors.
An organization’s security strategy needs to encompass the potential for phishing attacks from all sorts of methods, including texts and phone calls on mobile devices.
Phishing targets victims via email, texting and other forms of messaging to pose as a legitimate organization to get a victim to reveal credit card details, passwords or additional sensitive information.
As a method of cyber attack, phishing began with the birth of email and the commercial internet in the mid-1990s. This type of hacking continues to grow into the 2020s, with social media, voice and phishing text messages becoming the most popular attack mechanisms.
Why is text phishing rising in popularity?
Phishing text messages are a logical evolution of the spoofing phenomenon. SMS or text phishing, often called smishing, targets victims via text messaging rather than the traditional email approach.
The COVID-19 pandemic has led to many employees working from home, further separating them from an IT department, the corporate network and organizational security protocols. This opens up a new level of threat for mobile phishing scams.
Smishing attacks are soaring, with criminals impersonating everything from banks to governments. The goals of these attacks range from accessing people’s bank information to downloading malware onto users’ cellphones. However, from an organization’s perspective, the biggest risk is hackers infecting the corporate network.
Smishing attacks have increased nearly 700% in the first six months of 2021, according to software company Proofpoint. In addition, 45% of people reply to texts, whereas just 6% respond to email messages, according to Gartner. This makes smishing a prime attack vector for hackers.
A phishing text message can resemble an innocent notification that someone might receive from a package delivery company, a bank or a local government agency. The aim is to get you to click on a malware link embedded in the text or reply with bank details, a…
