Scammers Shifting to Business SMS “Smishing” Attacks

As fast as online scams are blocked, Scammers are finding new ways to attack and penetrate networks and systems. Scammers are now shifting to SMS platforms as they execute Business Email Compromise (BEC) attacks, since text messaging offers less visibility to the victim and more flexibility to the attacker.

BEC attacks have traditionally centered around email exchanges, although phone calls and text messages can play a role. Attackers send an initial email requesting the victim’s phone number, and the rest of the scam takes place via text message.

By moving from email service over to cell phone messaging, the scammer is delivering a package to their victim with all the details and functionality needed that usually includes an emailed link leading to a task that needs to be completed such as changing a password or confirming an account. Mobile devices offer instant and direct messaging that enables scammers the ability to access email, take pictures all with far greater portability than a laptop increasing the chances that the scammer will be successful in achieving their desired outcome.

While SMS-based phishing, or ‘smishing’, is nothing new, attackers are seeing the advantages of utilizing mobile devices for more elaborate scams. Techniques employed by scammers are also quite diverse. Attackers are often able to convincingly impersonate users and domains, bait victims with fake cloud storage links, engage in social engineering and craft attachments that look similar to ones commonly used in the business organization.

Network Innovations protects our internal teams and we advise our partners and clients to be cautious and never click on links given out over SMS or other mobile messaging apps.