Phishing is known to almost everyone today. Data theft by email has already made life difficult for many private individuals and companies. But now comes Smishing.
In the course of digitization and with the pandemic as a driver, mobile devices are becoming more important in every company, be it the office cell phone in the home office or mobile devices in production. Cyber criminals know this too, so they are looking for new ways to dupe users with false information. The new scam: smishing.
What exactly is smishing?
Working from home or on the go is increasingly becoming part of everyday life for many professionals. For many activities, you don't need more than your company smartphone and laptop to do your daily work. Production processes are also increasingly being controlled by mobile devices and are opening up completely new opportunities for hackers to access company data beyond email phishing. The optimal gateway is a mobile device. This new way of spreading malware is called smishing - a combination of the terms “SMS” and “phishing”. The term includes all attempts at fraud via SMS, WhatsApp and other messenger services by which criminals try to spread malware or access sensitive data.
Why is smishing so dangerous?
Where users look twice at emails due to years of experience, they often lack a critical eye when they receive a text message via SMS on their cell phone. Smishing is still quite unknown, which is why the potential victims run the risk of clicking on a link that leads to a deceptively real fake website. This is exactly what makes these devices a popular target for hackers. In addition, phishing attacks have become more and more sophisticated in recent years, which is why these attacks are so successful. Fake SMS are copied almost 1: 1 from messages from well-known companies and thus give the recipient a serious impression. For example, alleged messages from a shipping company that contain a fraudulent tracking link. Smishing is becoming a very lucrative concept for cyber criminals.
How can you protect yourself?
Mobile devices are just as high a risk as the email inbox on the desktop computer. Security officers must also take measures for mobile security accordingly. While employee training can prevent many attempts at smishing, companies shouldn't rely on them alone. Those who rely solely on the constant attention of their employees run the risk of having to face the sometimes serious consequences. In the worst case, phishing attacks can bring entire companies to a standstill. Hackers have found a new backdoor in text messaging that companies urgently need to block from the start. The implementation of a comprehensive security concept that also takes mobile devices into account is essential. The new types of attacks can be detected and remedied by Unified Endpoint Management (UEM) across all mobile threat vectors. Trusting your employees is good, but sophisticated attacks require an equally well thought-out zero trust strategy so that a fleeting mistake doesn't turn into a full-blown problem.
More on this at MobileIron.com
About MobileIron MobileIron is redefining enterprise security with the industry's first mobile-centric zero trust platform built on top of Unified Endpoint Management (UEM) to secure unlimited access to and protection of data across the enterprise. Zero Trust assumes that cyber criminals are already on the network and that secure access is determined by a "never trust, always verify" approach. MobileIron goes beyond identity management and gateway approaches by using a broader set of attributes before granting access. A mobile-centric zero trust approach validates the device, establishes the user context, checks the authorization of applications, verifies the network and detects and corrects threats before a secure access to a device or a user is granted. The MobileIron security platform is built on the foundation of the award-winning and industry-leading Unified Endpoint Management (UEM) capabilities with additional zero-trust enabling technologies, including zero-sign-on (ZSO), multi-factor authentication (MFA) and mobile threat Defense (MTD). Over 20.000 customers, including the world's largest financial institutions, intelligence services, and other highly regulated companies, have chosen MobileIron to provide a seamless and secure user experience by ensuring that only authorized users, devices, applications, and services access corporate resources can.