Monday, 08 August 2022 01:14

Smishing, among the most common cybercrime hooks

Written by Evelyn Alas

Smishing, a variant of phishing, is a type of fraud attempt that affected 74% of the organizations analyzed by Proofpoint in 2021 for its 'State of the Phish Report 2022'. The study was compiled from the responses to a survey of 600 IT security professionals at companies in Australia, France, Germany, Japan, Spain, the United Kingdom and the United States.

Among the most common "hooks", according to WTW, is "an urgent SMS from the bank stating that the customer's account has been blocked and needs information to get it working again". Given the nature of the crime, and the fact that human interaction is absolutely necessary for it to occur, "protection against smishing does not require complicated security systems or costly technological solutions. The key is for employees who are likely to act with critical company data (bank accounts, corporate data, IDs, etc.) to know what this cyber-attack is about, how it occurs and the measures needed to prevent smishing from succeeding".

This is key because, as Carolina Daantje, Director of Cyber Risks at WTW, explains, "BBB bank crime policies only cover smishing if it is proven that the hacker has accessed the bank's system to obtain the client's data or has sent the message from the bank's system. Generally, the liability in cases of smishing is not of the bank, but of the customer who is deceived, but there is always the possibility that a judge deems that the bank is responsible and has to assume that loss, so it is important to have an insurance policy with a broad language and that adapts to the constant evolution of the different forms of fraud".

The importance of protecting yourself

WTW offers some tips that, although they may seem obvious, help to detect this type of cybercrime. "First of all, it is important to pay attention to the sender, since sometimes his name will not coincide with the name of the company that apparently sends the SMS. Then, it is essential to read the text carefully, since the message will probably contain grammar, spelling or translation errors; it is also necessary to observe whether the https:// protocol is specified, since these types of SMS redirect to links with unsecured addresses that do not use it".

To avoid this type of cyber fraud, it is important to bear in mind that "you should be suspicious of unknown senders or of unexpected or unusual SMS messages. Never provide confidential data, especially banking and identification data, or access the hyperlinks provided by the SMS, and always protect the company's bank accounts with strong passwords".