Ever since the global onset of the COVID-19 pandemic, workforces have gone remote and use the internet, phone networks, and other mediums to conduct business. This has made it easy for cyber attackers to target people using social engineering attacks like phishing and SMiShing, which show no signs of slowing down anytime soon.
While these threats continue to evolve in sophistication and effectiveness, enterprises in South Africa and other countries worldwide are joining hands to mitigate such destructive attacks.
SMiShing, also known as SMS phishing, is a type of social engineering attack. Unlike email phishing, which uses emails to carry out attacks, SMiShing is done through text messages. A typical example of SMiShing is when a threat actor impersonates a legitimate entity such as your organization, an IT service/security admin, a bank, a government agency, an e-commerce site, or a package delivery service to trick you into divulging your usernames, passwords, or other sensitive information.
Although there has been an increase in awareness surrounding SMiShing scams in South Africa, the threat posed by SMiShing scams cannot be ignored because the majority of us still depend on SMS and other similar mobile applications to communicate with one another. A survey showed that in 2019, 60% of SMS users received spam messages once a week, and 28% almost every day.
What makes SMiShing scarier is that many of us tend to trust SMS messages more than email messages. The way SMiShing works is similar to that of phishing, wherein an attacker pretends to be from your bank and asks for your details or encourages you to click/visit a link to get an offer, reward, or discount. This action will enable the threat actor to obtain your sensitive data or initiate a malware download process in the background.
The year 2019 saw a sharp rise in phishing activities, with nearly 71% of phishing attacks being financially motivated, as reported by security experts. Almost 29% of breaches involved the use of stolen credentials, and nearly 33% of breaches used social engineering. Contrary to the general assumption that large organizations are the frequent targets of phishing attacks, nearly 43% of breaches involve small-scale businesses and industries.
These statistics show that a large number of people use a mobile device for personal and official purposes. Thus, any random mobile device has a high probability of containing sensitive data, such as financial and security information, usernames, and passwords. Hackers can easily exfiltrate this data if they successfully install spyware or other malware on the device.
Defending against SMiShing attacks in South Africa begins with providing simulations and awareness training to an organization’s employees to increase their security awareness surrounding such issues. To help achieve this, Aware’s SMiShing simulations are designed to test your employees in the same way a cybercriminal would and improve their understanding of the dangers associated with this threat.
Along with testing and training, Aware also offers additional features based on your requirements, such as the scale of operations, campaign statistics, etc.
Studies report that phishing led to a loss of $26 billion between 2016 and 2019. SMiShing simulations and training are not a one-time activity. They need to be carried out regularly to ensure optimal retention and effective learning. As cybercriminals continue to ramp up their game, organizations must ensure that their employees are equipped to defend their organizations against phishing attacks. How often or how long a company must adopt and incorporate anti-phishing solutions depends on factors such as:
Ans. Phishing is currently one of the most popular modes of delivery for malware infections, whether to steal sensitive information or gain a foothold in an organization’s network. An organization that has fallen victim to a successful phishing attack will often sustain huge financial losses, in addition to the loss of customer trust and reputational damage.