How to avoid becoming a victim of SMiShing (SMS phishing)

IT Best Practices Alert By Linda Musthaler, Network World
March 07, 2013 03:09 PM ET

Network World - Everyone's talking about BYOD. Does it really mean "bring your own device," or does the D stand for "danger"? With concerns about malware on smart devices, data breaches from lost or stolen devices, and malicious applications that siphon your contact list without permission, there certainly is a bit of risk from using mobile devices.

Another danger that is on the rise for smartphone users is SMiShing, or SMS phishing. A form of phishing, SMiShing occurs when a fraudster sends you an SMS/text message asking you to provide sensitive, personal, and/or financial information via a Web link and false website, or via a telephone number.

SMiShing has been around for at least five years, so why should we be concerned now? According to Mary Landesman, senior security researcher at Cloudmark, SMS spam campaigns in the U.S. grew by 400% in the first half of 2012, and about one-third of all SMS spam includes SMiShing attempts.

It's not a surprise that SMiShing attempts should be growing so rapidly, considering that criminals go where their opportunities are greatest. They've got to be salivating over these statistics:

  • There are more than 6 billion cellphone subscribers in the world.
  • Nearly two-thirds of all adults with a cellphone use text messaging.
  • More than 90% of text messages are opened within 15 minutes of being received.

That last statistic about the open rate for messages is a key reason why many SMiSh attempts are successful. Criminals use this immediate responsiveness to their advantage. SMiSh messages usually have a sense of urgency to get you to act quickly without much thought. There may be an offer for something for free or at a great discount if you act now, or you may be urged to respond right away to keep something bad from happening. For example, you might get a message that appears to come from your bank, telling you that your credit card is going to be canceled unless you verify your account right away. Or, you can get a free gift card from a retailer if you are one of the first people to visit a Web page (which happens to be fake).

SMiShing isn't just bad for individuals; as more and more people use their personal devices at work, corporate data and networks can be affected too. Like phishing, SMiShing can be used to plant malware such as a keystroke logger or botnet code. Once the smartphone is compromised, the criminal can do any number of things: steal data, launch attacks, plant malware on servers, etc.

Most of us are becoming more aware of phishing attempts and learning how to spot a phish email. However, we are still too trusting of text messages that come directly to our phones, perhaps because the device itself is so personal. What's more, criminals are clever and they make their SMiSh messages appear to be coming from a trusted source -- a friend, a retail store you do business with, your bank, etc. Also, there's no easy way to preview a link in a text message as you can in an email by moving your cursor over the link. Links in text messages are often condensed URLs so you really have no idea what they lead to.
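The traits described above (pressure to act quickly, a free offer, a request to verify an account, a condensed URL or a callback number) can be checked mechanically when triaging reported messages. The following is an added example, not part of the original article; the keyword lists, the shortener list and the sample messages are constructed assumptions and would need tuning against real traffic.

```python
import re
from urllib.parse import urlparse

# Assumed, illustrative lists (not from the article); tune them to your own traffic.
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}
URGENCY = re.compile(r"\b(right away|immediately|act now|urgent|"
                     r"will be (?:canceled|cancelled|suspended|closed))\b", re.I)
LURE = re.compile(r"\b(free|gift card|prize|winner|discount)\b", re.I)
CREDENTIAL = re.compile(r"\b(verify|confirm|update)\b.{0,40}"
                        r"\b(account|card|password|pin)\b", re.I)
URL = re.compile(r"\b((?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?)", re.I)
PHONE = re.compile(r"\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")

def url_hosts(text):
    """Return the lowercased host of every URL-like token, with or without a scheme."""
    hosts = []
    for match in URL.finditer(text):
        raw = match.group(1)
        host = urlparse(raw if "://" in raw else "http://" + raw).hostname or ""
        hosts.append(host[4:] if host.startswith("www.") else host)
    return hosts

def triage(text):
    """Return (verdict, indicators) for one SMS body."""
    hosts = url_hosts(text)
    checks = (("urgency", URGENCY), ("free-offer lure", LURE),
              ("asks to verify account", CREDENTIAL))
    pressure = [name for name, rx in checks if rx.search(text)]
    action = []
    if any(h in SHORTENERS for h in hosts):
        action.append("shortened URL")  # destination cannot be previewed
    elif hosts:
        action.append("URL")
    if PHONE.search(text):
        action.append("callback number")
    # Pressure to act plus a link or number to act on is the pattern described above.
    if pressure and action:
        verdict = "suspicious"
    else:
        verdict = "review" if (pressure or action) else "no indicators"
    return verdict, pressure + action

# Constructed sample messages (not real traffic).
SAMPLES = [
    "ALERT from your bank: your credit card will be canceled unless you "
    "verify your account right away at tinyurl.com/constructed-sample",
    "Congrats! First 100 visitors get a FREE $1000 gift card: "
    "http://retailer-rewards.example/claim",
    "Your card has been locked. Call (202) 555-0143 immediately to confirm your PIN.",
    "Running 10 min late, see you at the cafe",
]
```

A "suspicious" verdict only means the message matches the pattern; a legitimate alert can match too, so the output is a prompt to verify through a known-good channel rather than a block decision.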

Linda Musthaler is a principal analyst with Essential Solutions Corporation.