Social Engineering News: SMiShing – Security Boulevard

SMiShing attacks continue to skyrocket as more companies transition to a remote/hybrid workforce. According to a Pew Research Center survey, 59% of American employees work from home all or most of the time. This transition means that employees are now more likely to use mobile devices such as a phone or tablet to access company information and accounts. Bad actors notice and exploit this addiction to mobile devices. They use mobile messaging apps and popular digital channels that help productivity or remote workers such as Facebook Messenger, WhatsApp, LinkedIn, Zoom, Microsoft Teams, Google Meet and Slack to facilitate attacks. Therefore, SMiShing is a threat that businesses can no longer ignore.

What is SMiShing?

The word SMiShing comes from the combination of SMS (Short Message Service), the original technology that launched mobile SMS, with phishing. Either way, the bad actor’s goal is to steal personal or financial information.

The following social engineering story shows how malicious actors exploit messaging apps and digital channels

A sophisticated team attack. As VentureBeat reports, a bad actor posing as a CEO who was known to be on a business trip to China, sent a WhatsApp message to several company employees asking them to join a Teams meeting. When employees joined the Teams meeting, they thought they were seeing the CEO live on video. However, it was actually a clipped video feed of the CEO from a past TV interview. To make the fraud more convincing, the bad actor added a fake background to make it look like the CEO was really in China. Now, for the twist, there was no audio stream for the Teams meeting. The “CEO” explained that he was having trouble with the audio stream and told employees that “since I can’t get this to work, send me the info on this SharePoint link.‘”

Image: VentureBeat

Test, educate and protect with our managed SMiShing service

How can you protect your business from SMiShing attacks as mentioned above? It is important that your employees can identify an attack. At Social-Engineer, LLC, our fully managed, enterprise-scalable program measures and tracks how your employees respond to text-based phishing attacks with data-driven targeting and training. Our fully managed SMiShing service offers custom templates, bespoke chess-based training, and comprehensive reporting. To schedule a consultation, please contact us today.

*** This is a syndicated Security Bloggers Network blog from Social-Engineer, LLC written by Social-Engineer. Read the original post at: