Have you received a text from a random number in the last few days? Perhaps the text looks quite obviously suspicious, but it could pass as legitimate – especially if you are distracted or multitasking while scrolling through your device. The text contains a link asking you to confirm the delivery or receipt of a package. Or it tells you that you have just paid a bill. Or need to pay an outstanding bill. Or it could just be advertising a random product. These texts are actually scams that have been dubbed “smishing” – combining “SMS” and “phishing” – and your employees are no doubt receiving them, too. In a remote-work era where a multitude of attackers are attempting to gain access to your company network through digital vulnerabilities, the time is now for employers to guard yourself against this latest weapon in the cyberwar raging all around us. What are the five steps your organization can take today to best prepare?
What is Smishing?
“Smishing” is a version of phishing carried out over SMS (short message service, commonly known as texting) channels. The senders of these malicious texts are trying to get hold of personal information, passwords, and money.
Smishers start by sending a text impersonating a reputable company. Typical smishing attempts specifically involve using the name of common parcel carriers informing you that your package has been delivered, or fake texts seemingly coming from a bank, company vendor, or other common company name. The messages almost always have a link. Unfortunate recipients who click that link will often end up having unsuspecting malware downloaded to their devices, or will be lead to a legitimate-looking form to “log in” and voluntarily provide a trove of valuable data.
Smishing is the New Cyberattack
There is ample evidence indicating a rapid increase in smishing attempts. Smishing attacks increased 24% in the U.S. alone and 69% globally last year. According to data from the Federal Trade Commission, 21% of fraud reports that were filed in 2021 involved smishing. That’s 377,840 out of the total 1,813,832 reports that identify a contact method. Of those hundreds of thousands of claims, a total of $131 million was lost, with an average of $900 per report.
Work-from-home and hybrid work arrangements have led your employees to use their mobile phones and company devices at an increasing rate. This has led many of these smishing attacks to have a workplace component.
What Can Employers Do? A 5-Step Plan to Combat Smishing
So what can you do to address this latest cyber-concern? Here are five steps your organization can take to put yourself in the best position.