Cyberattacks via SMS messaging are on the rise, and are having such an impact, the Federal Communications Commission has released an advisory on Robotext phishing attacks (or smishing).
According to Verizon’s 2022 Mobile Threat Index, 45% of organizations have suffered a mobile compromise in 2022 – that’s double the % of orgs in 2021. If you’re wondering if it’s purely a shift in tactics on the cybercriminal’s part, think again. According to Verizon:
- 58% of orgs have more users using mobile devices than the prior 12 months
- Mobile users in 59% of orgs are doing more today with their mobile device than the prior 12 months
- Users using mobile devices in 53% of orgs have access to more sensitive data than a year ago
And keep in mind that while there are plenty of security solutions designed to secure mobile endpoints, we’re talking about personal devices that are used as a mix of corporate and personal life. This makes for a very unprotected target by cybercriminals.
So, it shouldn’t come to any surprise that the FCC has put out an advisory warning about the increased use of robotexting-based phishing scams targeting mobile users, commonly called ‘smishing’.
Some of their warning signs include:
- Unknown numbers
- Misleading information
- Misspellings to avoid blocking/filtering tools
- 10-digit or longer phone numbers
- Mysterious links
- Sales pitches
- Incomplete information
We’ve seen smishing scams impersonating T-Mobile, major airlines, and even the U.K. Government. So consumers and corporate users alike need to be aware of the dangers of text-based phishing attacks – something reinforced through continual Security Awareness Training.