Gone are the days when cyber criminals sat in a basement with poor attempts at stealing information. Today’s threat actors are organised, sophisticated, and have the latest technologies needed to profit from their thefts. South Africa has been one of the hardest hit when it comes to the newest criminal efforts. “Smishing” now leads the way to cyber threats and it has devastated many.
Smishing combines a more intellectual method of appealing to the general populace to achieve their nefarious deeds. An acronym for “SMS phishing”, it is form of social engineering attack through SMS contact. The threat actors can impersonate organisations and companies that might appear to be trustworthy or well-known and they send an SMS message to the individual that they want to appeal to. The message can appear to come from a government agency, a bank, a loan company, a delivery service for packages, or any entity that might sound legitimate. Their goal is to entice the user to expose sensitive information such as passwords, user names, account numbers, etc. In some cases the SMS text message will ask the individual to click on a link that will add malware to the phone or take them to a website to add their login and password to confirm a purchase or profile.
While this form of scam has been alerted throughout South Africa, the threat itself remains high on the list of cyber threats. One of the main reasons smishing has been so successful is that a large percentage of people rely on SMS or like applications on their phones for communication. A majority of individuals have become accustomed to scams being received via email but people have a tendency to be more trusting when it comes to SMS messages.
One of the misconceptions is that people assume cyber criminals are more interested in only stealing data from large corporations. However, almost half of the breaches involve smaller companies and over one third are attacks against individuals. In the case of smishing, the text message typically includes some form of sense of urgency such as an account being breached. This institutes a potential state of panic and in some cases, the person lets their guard down, assuming the sender is a valid organisation.
Researchers have described this shift to digital wallet access as a fundamental change in the manner that cybercriminals approach their victims. Using fake websites, criminals can gain access to an account or credit card information and authorize its use online without requiring a physical card. A majority of those that have fallen prey to smishing may not be aware that their accounts have been hacked.
Defense against Smishing attacks in South Africa is based on education and knowledge. Using a professional cybersecurity organisation such as DaVinci Cybersecurity can offer awareness and simulation training to staff. We train individuals on methods they can also use to assist in protecting their personal accounts. In today’s digital landscape, everyone needs to take extra proactive steps to ensure that both business and individual data and information is protected.
“DaVinci Cybersecurity maintains the most up-to-date information to share and educate our clients. Our goal is to make sure that everyone is aware and can take actions as the world of cyber threats shifts and changes.”
– Sharon Knowles, CEO DaVinci Cybersecurity
Source:
share.newsbreak.com/egy1vy4d?s=i16
aware.eccouncil.org/smishing-in-south-africa.html
