Skip to main content
SMiShing

Social Engineering News: SMiShing

By January 19, 2022No Comments

Employees are increasingly accessing corporate information and accounts from their personal phones. As a result, SMiShing attacks now pose a serious threat to corporate information. How serious is this threat? Consider this statistic; 20% of energy industry employees were exposed to a mobile phishing attack in the first half of 2021. That is a 161% increase from the second half of 2020. Across the board, companies lost an alarming $54,241,075 because of social attacks including SMiShing according to the 2020 FBI Internet Crime Complaint Center report.

What is SMiShing?

The word SMiShing comes from combining SMS (Short Message Service), the technology behind texting, with phishing, the practice of stealing personal or financial information through deceptive emails. Basically, SMiShing is phishing but by another means, namely text messages on mobile devices.

Social Engineering News SMiShing

The following social engineering news stories show how criminals are SMiShing for victims.

  • A malware campaign dubbed TangleBot uses COVID-themed text messages in order to steal personal information and credentials. Reporting on this threat is Jacinta Tobin, vice president of global sales and operations at the Cloudmark division of Proofpoint. “With TangleBot, even if just one employee’s device gets infected, an attacker can launch either a widespread or spear-smishing attack.”
  • A SMiShing campaign impersonating the international parcel delivery firm DPD is making the rounds. Recipients receive a text that says: “DPD: We tried to deliver your parcel however no one was available to receive it. To arrange your redelivery, please proceed via: *link.” The link takes the recipient to a fake DPD website. The recipient is then instructed to supply personal information for a redelivery fee to receive their package.
  • Criminals combine social engineering tactics with SMS messages to install malware on Android devices. It all begins with a fake notification impersonating the Iranian Judiciary. The fake notification urges users to review a supposed complaint filed against them. Indeed, it’s all part of a widespread campaign to steal credit card details and money from victims’ bank accounts.

social engineering news smishing
Image: https://thehackernews.com/2021/12/researchers-warn-iranian-users-of.html

Test, Educate, and Protect

Your company’s best defense is to educate employees and ensure they understand the threats posed by SMiShing attacks. The Social-Engineer Teaming Service is a valuable tool that enables organizations to evaluate their unique attack surface to social engineering attacks. Upon request, we can include a SMiShing part to our SE (Social-Engineer) Teaming Service engagement. This will test your organization’s human network for their understanding of policies relating to SMS attacks.

Tags:

Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they don’t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they don’t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organization’s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organization’s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now