Businesses want to connect with their users and meet them where they are. One growing way to communicate with them is through text messages, which can carry coupons, recent news, and other marketing materials. When these marketing efforts are unwanted by the customer, they cross the line into the SPAM category.
SPAM has taken many forms throughout history, such as junk mail in your mailbox and robocalls. Then, with the birth of the internet, digital SPAM emerged in the form of email and has now expanded to the web, social media, text messages, and more. These digital spam efforts are very easy and low-cost methods to reach large numbers of people.
Legitimate businesses honor and respect this line between wanted and unwanted communications through opt-in/opt-out and subscribe/unsubscribe capabilities to allow users to manage how and when they want communications. But beyond managing the sheer number of text communications, what happens when a malicious actor decides to use these texting techniques to target you with a phishing expedition?
SMiShing is phishing that uses texting to lead you to fake websites and phone numbers that imitate real companies. This is a type of social engineering that fraudsters use to get personal information from you with malicious intent.
Today, phishing is the number one security threat, and the worst part is that, when it comes to phishing attempts on a mobile device, it works! For example, according to Lookout, 56% of mobile users have received and tapped on a URL that bypassed existing layers of phishing defense. And on average, a user will click on approximately six phishing links from their mobile device each year.
You may be asking yourself, how could someone be fooled by these? Part of the reason is the form factor of a mobile device, which makes it harder for the user to spot these social engineering techniques. Another reason is that we're often in a hurry or distracted while using the mobile device. And finally, many people believe they are safer on their mobile device than on traditional laptops and desktops, which in today's world may not be the case.
Mobile device manufacturers, wireless carriers, and regulators have all been working closely together to curb the issues around SPAM and SMiShing. For example, AT&T monitors the network 24/7 and supports legislation to end text spam. Also, AT&T will never ask someone to send personal or account information via email or text message. But as with many types of security efforts, combating social engineering attempts like SMiShing is a shared responsibility, and both individuals and business owners need to take measures to help protect themselves and their data.
AT&T is vigilant about protecting customers from unsolicited text message spam but there is no simple fix to block these. As individuals, we can all take certain steps to help protect ourselves such as:
Businesses are just as susceptible to SMiShing as individuals, and arguably even more so. Malicious actors target businesses to access the large data sets of personal information stored by a company, which can be far more valuable than the data of any one individual user. Businesses need to be vigilant in protecting against these possible SMiShing attacks so that employees receive fewer of them and, when they do accidentally click on one (which, based on the data, they will), confidential data isn't compromised.
At AT&T, we recommend that customers use Unified Endpoint Management (UEM) with a Mobile Threat Defense (MTD) solution that will help protect against malicious links regardless of the source: text message, chat, email, social media, etc. AT&T offers both UEM and MTD solutions as well as security consulting and managed security services. To learn more, review our endpoint security solutions and contact us for help customizing a solution to meet your needs.