SMS phishing, or “Smishing,” is a mobile phishing attack that targets victims via the SMS messaging channel rather than through email. A natural evolution of the phishing phenomenon, smishing attacks attempt to dupe mobile users with phony text messages containing links to legitimate looking, but fraudulent, sites. These smishing sites try to steal credentials, propagate mobile malware, or perpetrate fraud.
Most of us can think of a time when we received a phishing email. In fact, most phishing emails are easy to identify, and automatically go to spam. However, in this ongoing pandemic, hackers are adopting advanced tactics that cleverly conceal their malicious intentions, and fly under the radar by leveraging the victim’s fear, anxiety, or plain negligence.
An investigation into a suspicious Facebook Messenger message led to the identification of an active Facebook phishing campaign seemingly resulting in victim accounts being abused by the threat actor to further propagate the phishing lure.
The past two years have seen a 391% rise in fraudulent attempts that target digital transactions around the world. The research carried out by TransUnion also saw a specific increase of 347% in relation to account takeover so the average consumer needs to up their understanding of financial fraud risks. When data breaches and cyberattacks occur, it impacts society in various ways like lowering consumer trust and damaging foreign politics.
A friend contacted me the other day about a scam call purporting to come from Amazon’s customer support department. She wasn’t home at the time, so the scammer left a message stating that a charge of $749 appeared on her account. Of course, she didn’t actually order anything for that price, and, although she suspected it was a scam, something about it caught her attention, so she called the phone number displayed on her caller I.D.
Payment fraud is exploding. So are false positives, customer friction and investigation costs. Unfortunately, as customers continue to pull us down the river of rapid digital transformation, traditional fraud detection systems are being left in the sand.
You can install the latest generation of security software to protect against evil hackers, but what is the use of it if your employees continue to follow phishing links? Several security companies conduct social and technical research of real-life phishing attacks aimed at different businesses and are impressed with the scale of the problem.
A friend of mine received an interesting piece of snail mail the other day. It was one of those inheritance scam letters that usually arrive in E-Mail. In summary, the author, a high-ranking bank official, has an unclaimed inheritance that he is willing to split with the letter’s recipient if the recipient will accept the responsibility of being appointed as the heir to the deceased’s money, etcetera, etcetera. As you can see, it bears all the earmarks of the traditional scam message.
Phishing attacks are a common attack vector for financial services organizations. Effective and simple to launch, phishing attacks challenge financial firms to protect their mobile workforce and harden their customer-facing apps. Mobile phishing, in particular, bypasses traditional perimeter defenses such as secure email gateways by targeting users via personal email, SMS and social messaging apps.
Phishers leveraged fake automated messages from collaborative platform Sharepoint as a means to target users’ Office 365 credentials. Abnormal Security found that the phishing campaign began with an attack email that appeared to be an automated message from Sharepoint. To add legitimacy to this ruse, the attackers used spoofing techniques to disguise the sender as Sharepoint. They also didn’t address the email to a single employee but included multiple mentions of the targeted company.
