Part 1, Hikvision Senior Director of Cybersecurity on Smishing Hacks: Cyberattack Sees Increase, Targets Vulnerabilities
In recent blogs, Hikvision senior director of cybersecurity Chuck Davis covered phishing hacks and malware related to the coronavirus, and tips to avoid them. In today’s blog, Hikvision’s Davis discusses an increase in smishing—a phishing hack that uses text messages to target vulnerable parties.
Smishing
Smishing attacks are on the rise and we are all vulnerable targets. Smishing is not a new tactic but given that worldwide mobile device traffic is up 222 percent in the past seven years, it isn’t surprising we’re seeing an increase in attacks targeted at mobile devices.
According to the 2020 State of Mobile Phishing report by Lookout, “Quarter over quarter, there is an upward trend in mobile phishing over the last 15 months. Most notably, there’s almost a 37 percent jump from 4Q2019 to 1Q2020.” The report also shows that smishing and mobile phishing threats could cost an organization with 50,000 mobile devices as much as $150 million per year.
What is Smishing?
The term smishing is a portmanteau that combines the term SMS (text messaging) and the word phishing: SMS + phishing = smishing. As you may have guessed, smishing is phishing that uses SMS and similar types of text messaging.
Despite the name, smishing does not have to be delivered as an SMS text message. Smishing attackers will use any form of text or chat messaging that they can, such as Facebook Messenger, WhatsApp, GroupMe, Discord, Slack, or any other text-based mobile application or service. Attackers’ attraction to use smishing is about the increased use of mobile devices and the way that we use them. Below are four more reasons why smishing is popular and successful.
- Mobile device users are more likely to be on the go and less likely to have their guard up.
- Generally, people are familiar with phishing attacks and don’t think about those same attacks coming through chat tools.
- It is more difficult to identify a malicious or suspicious link on a mobile device due to the small screen and difficulty in revealing the true destination of links.
- Many links being delivered through chat tools and social media are shortened URLs which don’t allow the recipient to scrutinize if the URL is suspicious, unless they use a third-party URL lengthening tool.
Check back tomorrow when Hikvision will post examples of smishing hacks, and how to avoid becoming a victim of them.