As the world became isolated during the COVID-19 pandemic, mobile phishing—also referred to as SMS phishing or smishing—increased over 300 percent from Q2 to Q3 2020, with a 3,000 percent increase in malicious COVID-19-related URLs alone. These attacks pose serious risks to their intended targets and the service providers whose networks are used to deliver them.
What is it that makes smishing attacks unique? And whose job is it to mitigate these attacks and protect subscribers from their devastating effects?
What a smishing attack is
Many people think of phishing as an email-specific threat. In fact, attackers send phishing messages over any communications platform, including voice (vishing).
SMS phishing, or smishing, is a form of phishing attack carried over SMS messages. As the use of mobile devices becomes more common, cybercriminals increasingly turn to smishing to perform their attacks. The reason is mainly that mobile devices are “always-on” and users are more likely to fall victim to threats in SMS messages than in email. This is because users will open and read 82% of text messages within 5 minutes of receiving them. The same users will only open 1 in 4 emails that land in their inbox.
Smishing attacks can target anyone for any type of personal information that can be used to access users’ accounts, transfer funds, or gain access to specific services. Often, the goal of these attacks is to steal account credentials, providing the attacker with access to private information and financial data. These attacks may also deliver malware to mobile devices for a variety of purposes such as data theft or ransomware.
How a smishing attack works
Because smishing attacks are basically phishing attacks delivered over text messages, attackers use techniques similar to those they use for phishing. Smishing attacks follow this common approach:
- Design a pretext: All phishing is based on psychological manipulation. Smishers select a pretext that provides the target with a reason to do what the attacker wants. They use trickery, coercion, bribery, and similar techniques to convince the target to do what they want.
- Prepare the payload: The payload is the part of the attack message that causes harm. It can come in the form of a virus, ransomware, spyware, a trojan, or adware, but most frequently it is a simple web form masquerading as that of a legitimate service provider to capture login credentials, credit card details, and PII. To achieve the objective of their attack, smishers prepare landing pages for their targets to visit when they click a link. Or they might create malware to deliver to the device.
- Craft the text: Smishing messages are carefully crafted to convince and drive a target into taking a specific action. The text often uses informal language and brand names to seem more authentic. Smishers also take advantage of link-shortening services to hide the true URL of a link that’s embedded in the message.
- Send the message: Because it’s possible to send text messages from a computer, smishers can automate these attacks and send messages en masse. That said, it’s easy to target specific subscribers or subscriber groups. All an attacker would need is their mobile phone number and access to an SMS service.
- Execute the payload: If a target clicks the embedded link in the malicious SMS message they receive, they go to an official-looking but fake page. The messaging on the fake page may further convince the target to enter their personal credentials so the smishers can steal their account information or take other harmful action, such as downloading malware.
Risks to service providers
The COVID-19 pandemic contributed to a massive surge in phishing attacks. As people worked from home and the pandemic provided a perfect pretext for attacks, the number of phishing URLs increased 42 percent between 2019 and 2020.
The impacts of smishing attacks go beyond their targets. They also hurt the telecommunications service providers whose networks carry these attacks, potentially causing:
- Reputational damage: Claiming that a message comes from a service provider is a common pretext in smishing. A service provider’s customers are at risk of harm by smishing messages that are sent over their network and claim to be from them. Such messages hurt their customers’ trust in the organization and weaken its reputation.
- Loss of customers: Service providers have a responsibility to protect their customers against attacks that flow over their infrastructure. A failure to do so might cause customers to leave and switch to another service provider.
End-user education and device-level security are common approaches to dealing with smishing threats. But since most smishing attacks lean on social engineering to motivate users, the risk of “falling for it” is inevitable. The only way to fight this is to prevent users from ever being exposed to such scams.
Prevent smishing attacks at the cellular network level
Smishing attacks travel over cellular networks, which gives service providers the opportunity to identify and block them before they ever reach their customers’ devices. Service providers can route traffic that flows over the network through a solution that identifies common attacks and provides centralized security visibility for an organization.
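The traits described under "Craft the text" (brand names in the message, shortened links that hide the destination, a pressing pretext) are the kind of signals a network-side filter can check before delivery. The sketch below is an added example, not FirstPoint's product logic; the shortener list, the brand-to-domain map, the keyword pattern and the sample messages are all constructed assumptions.

```python
import re
from urllib.parse import urlparse

# All lists below are illustrative assumptions, not taken from the article.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
BRAND_DOMAINS = {  # brand keyword -> domains that brand really uses (constructed)
    "examplebank": {"examplebank.example"},
    "exampletel": {"exampletel.example"},
}
URGENCY = re.compile(r"\b(urgent|immediately|suspended|locked|verify|final notice)\b", re.I)
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def extract_hosts(text):
    """Return the lowercase hostname of every link, with or without a scheme."""
    hosts = []
    for match in URL_RE.finditer(text):
        url = match.group(0)
        if "://" not in url:
            url = "http://" + url  # SMS links are often written scheme-less
        host = (urlparse(url).hostname or "").lower()
        hosts.append(host[4:] if host.startswith("www.") else host)
    return hosts

def is_legit(host, domains):
    """True if host is one of the brand's domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def classify_sms(text):
    """Return (verdict, reasons); verdict is 'allow', 'flag' or 'block'."""
    hosts = extract_hosts(text)
    reasons = []
    if any(h in SHORTENERS for h in hosts):
        reasons.append("shortened-link")  # true destination is hidden
    for brand, domains in BRAND_DOMAINS.items():
        # Brand is named, yet a link points somewhere the brand does not own.
        if brand in text.lower() and any(not is_legit(h, domains) for h in hosts):
            reasons.append("brand-mismatch:" + brand)
    if hosts and URGENCY.search(text):
        reasons.append("urgent-pretext")  # pressure wording only counts with a link
    verdict = "block" if len(reasons) >= 2 else "flag" if reasons else "allow"
    return verdict, reasons

SAMPLES = [  # constructed messages
    "ExampleBank alert: your account is locked. Verify immediately at bit.ly/3xAbCd",
    "ExampleBank: your statement is ready at https://www.examplebank.example/statements",
    "ExampleTel: your bill is overdue, pay at http://exampletel-billing.example/pay",
    "Running late, see you at 7",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(classify_sms(sms), "<-", sms)
```

A single signal only flags a message for review; two or more block it, which keeps a legitimate brand notification with its own domain from being dropped.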
Adding a secure overlay over a service provider’s network creates the following security benefits, among others, for service providers and their customers:
- Scalability: The mobile endpoint landscape is fragmented with a variety of manufacturers and devices. Network-level security allows the protection of all devices without the need for platform-specific solutions.
- Resource utilization: Mobile and IoT devices have limited resources, which can mean that endpoint solutions trade off performance for security. A network-level solution provides complete protection without consuming valuable resources on the endpoint.
- Threat interception: There’s only so much service providers can do to educate users on the dangers of smishing. Malefactors take the time to create perfect copies of service provider websites and craft believable texts to lure users in. Intercepting these texts at the network level simply helps keep everyone safe, regardless of how aware they may be of smishing.
- Centralized visibility: A network-level solution can provide centralized visibility into the traffic to all devices for a service provider or enterprise. This level of inspection enables more efficient and effective incident detection and response.
The vast array of mobile attack vectors makes endpoint security solutions a good idea for enterprises. However, network-level protections provide several significant advantages. Mobile service providers that offer network-level security as a service can protect their customers and reputation. They also have a competitive advantage over providers that leave their customers vulnerable to these attacks.
Deploy cellular network-level protection
Smishing attacks are a growing threat to organizations and mobile service providers alike. While endpoint solutions provide some protection against these threats, they aren’t a perfect solution.
By deploying network-level smishing protection, you can identify and block smishing attacks before they reach their target.
FirstPoint protects mobile devices from smishing and other hidden attacks before they happen. Learn how they ensure full protection at the network level against cyberattacks. Head to our Homepage to learn more about protecting your connected devices.