The word ‘SMiShing’ may sound like gibberish -- we think it’s a weird one -- but some of the world’s largest enterprises are losing millions of dollars to these scams every year. Similar to phishing, the fraudulent act of sending imitation emails claiming to be a corporation in order to obtain personal information from customers, SMiShing uses SMS (short message service) to achieve the same outcome. Scammers are taking to SMS to prey on people’s trust, (A text message feels more personal than an email nowadays.) panic or sense of urgency. These messages are disguised as a warning from your bank about an unauthorized charge or an alert about an unidentified user accessing one of your accounts. The goal? To lure you into providing account information — such as a login name, password or credit card info — by tapping on a link and entering your information into a look-alike website. SMiShing is only one tactic used to steal personal information. People must also be wary of the following:
About the Author: Matt Brown oversees Voxbone’s range of cloud-based communications services that allow businesses to easily establish a local, compliant, cost-effective presence and effectively reach new markets across more than 60 countries. Matt is a master of innovation and brings this expertise to the communications space after working in the fintech and cybersecurity industries. He recently led product development for Payfone, a leading digital identity and authentication platform, and co-founded multiple startups, including Tengo, Inc. In April 2018, Brown was issued his fourth patent in the telecommunications space, the latest pertaining to his work on digital identity authentication. When he isn’t thwarting spam and smishing efforts or tackling the complications of the CaaS space, he can be seen inconspicuously carrying a thermos whose contents are only known to a select few people that have been sworn to secrecy. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
- Spoofing: Hackers set up fake connections in high-traffic areas such as airports, libraries or coffee shops and use a generic name to encourage people to connect. Often times, users must create an “account” and include some sort of personal information in order to connect. As many individuals use the same email and password combination for a variety of services, hackers use this to compromise their email and other secure information.
- SIM swap attacks: This is one of the fastest-growing and most devastating fraud vectors tormenting consumers and organizations alike. According to Javelin Strategy & Research, in 2017 account takeover attacks via SIM swaps cost Americans 62.2 million hours of lost time and $5.1 billion in monetary losses. Organizations that fail to protect their users may find themselves liable for billions in lost funds.
- Bluejacking: A hacking method where hackers can send anonymous messages to Bluetooth-enabled devices within a certain radius. First, hackers scan the surroundings in search of other Bluetooth-enabled devices then send an unsolicited message to a detected device in hopes to connect and gain control of the device.