By now, you're well aware of phishing and the threat it presents. You probably even think twice before clicking a link sent to you by a stranger. But, just as you've gotten familiar with the latest cyber threat, a new threat emerges. SMiShing.
SMiShing is the term that many in the security industry are using to describe a social engineering technique that exploits its victims using SMS, or text messaging. Where phishing uses email as the entry point of attack, SMiShing uses text messages as its point of entry.
SMiShing is a relatively new trend and one that is particularly alarming. Most of us are aware of the phishing threat around our email inboxes and therefore, tend to exercise caution. Most of us aren't aware of the threat that's presented in our cell phone's text message inbox and therefore, we tend to trust text messages more than we do emails, even from unknown senders.
This elevates the probability that we will click on a malicious item sent to us via text. Hackers know this too, and that's why they're using SMiShing attacks at an increasing rate.
It's common to receive a SMiShing message that alerts you to daily charges that you will begin receiving unless you opt-out of the service.
A link will be provided and you will be instructed to follow that link in order to opt-out of the service and avoid daily charges.
When you click the link, you're brought to a website page that asks you to fill out a form if you want to opt-out of the service. The form will ask for your personal information.
If you submit this information, the person behind the scam will either keep your information to use in other fraudulent acts or they will sell it on the dark web to other criminals in the market for stolen identities.
Sadly, there's no fail-safe approach to cybersecurity but Twinstate can certainly educate you and your team on best practices with User Awareness Training that will put you in better position for the future. If you have any questions, comments, or feedback reach out to us at