Skip to main content
SMiShing

SMiShing in Social Engineering News

By October 26, 2022No Comments

SMiShing uses SMS (Short Message Service) as the attack vector. The attacker’s objective is to trick the target into installing malware on their device, or to reveal account information. The attacker crafts a SMiShing message to make the receiver think the communication is from a familiar or trusted source. The bad actor then sends their target a SMiShing message containing a malicious link. The link, if clicked, redirects the target to a website under the attacker’s control. SMiShing is a social engineering attack because criminals exploit the target’s vulnerabilities; the desire to trust, to be helpful, or to act quickly on a perceived danger. SMiShing is a very real security threat to enterprises as 39% of employees now access corporate data on personal devices.

Twilio Reports SMiShing Attack

SMiShing attack on Twilio employees’ compromises employee and customer accounts. On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts. How did the attackers gain access? According to Twilio’s Incident Report, current and former employees received text messages purporting to be from Twilio’s IT (Information Technology) department. The SMiShing message suggested that the employees’ passwords had expired, or that their schedule had changed. The SMiShing message included a link that when clicked would take the employee to a URL (Uniform Resource Locator) controlled by the attackers. The URLs used words including “Twilio,” “Okta,” and “SSO” to trick the employees. If they clicked on the link, it would take them to a webpage that impersonated Twilio’s sign-in page.

SMiShing in Social Engineering News
Image: https://www.twilio.com/blog/august-2022-social-engineering-attack

Test. Educate. Protect. – Social-Engineer’s Managed SMiShing Service

The attack on Twilio highlights how malicious actors threaten information security by focusing their attacks on company employees. Are your employees trained to identify SMiShing attacks? Social-Engineer’s Managed SMiShing Service is designed to test, educate, and protect your human network. We apply scientifically proven methodologies to uncover vulnerabilities, define risk, and provide remediation. Our fully managed program measures and tracks how employees respond to SMiShing attacks with data driven targeting and training.

Please contact us today for a consultation.

 

www.Social-Engineer.com

Tags:

Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they don’t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they don’t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organization’s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organization’s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now