2022 Predictions #3 - Spear SMSishing Hammers Messenger Platforms
Text-based phishing, known as SMSishing, has increased steadily over the years. Like email social engineering, it started with untargeted lure messages being spammed to large groups of users, but lately has evolved into more targeted texts that masquerade as messages from someone you know, including perhaps your boss.
In parallel, the platforms we prefer for short text messages have evolved as well. Users, especially professionals, have realized the insecurity of cleartext SMS messages thanks to NIST, various carrier breaches, and knowledge of weaknesses in carrier standards like Signaling System 7 (SS7). This has caused many to move their business text messages to alternate apps like WhatsApp, Facebook Messenger, and even Teams or Slack.
Where legitimate users go, malicious cybercriminals follow. As a result, we are starting to see an increase in reports of malicious spear SMSishing-like messages to messenger platforms like WhatsApp. Have you received a WhatsApp message from your CEO asking you to help him set up an account for a project he’s working on? Maybe you should call or contact your boss through some other communication medium to verify it’s really that person!
In short, we expect to see targeted phishing messages over many messaging platforms to double in 2022.
See more of WatchGuard's 2022 Cybersecurity Predictions here: