CS Nov-Dec 2020

More documents

Recommendations

Info

smishing SMISH, SMASH, BASH! A RELATIVELY NEW SPIN ON PHISHING HAS ENTERED THE LEXICON, IN THE FORM OF 'SMISHING'. BUT WHAT IS THAT EXACTLY AND HOW DANGEROUS MIGHT IT BE TO THE UNSUSPECTING? Phishing scams have become an all too familiar weapon used against businesses and individuals, and are a type of fraud that can come in many different forms. These scams not only employ various online techniques, such as fake emails and pop-up ads, but can also include phone calls. Often, the people behind these scams use fear tactics, in order to get their victims to take the bait. As Norton points out: "Phishing is essentially an online con game, and phishers are nothing more than tech-savvy con artists and identity thieves. They use spam, malicious websites, email messages and instant messages to trick people into divulging sensitive information." Banking information, along with credit card accounts, usernames and passwords, are just some of the information phishers seek to exploit. And now we have 'smishing' to contend with. For those who are yet to encounter this form of attack, here are some of its hallmarks. "Put simply, smishing is any kind of phishing that involves a text message. Often times, this form of phishing involves a text message in an SMS or a phone number," states Norton. Smishing is particularly scary, it adds, because quite often people tend to be more inclined to trust a text message than an email. Most people are aware of the security risks involved with clicking on links in emails. This is less true when it comes to text messages. Smishing uses elements of social engineering to get people to share their personal information. "This tactic leverages your trust, in order to obtain your information. The information a smisher is looking for can be anything from an online password, to your Social Security Number, to your credit card information. Once the smisher has that, they can often start applying for new credit in your name. That's where you're really going to start running into problems." Another option used by smisher is to say that, if you don't click a link and enter your personal information, that you're going to be charged per day for use of a service. "If you haven't signed up for the 12 computing security Nov/Dec 2020 @CSMagAndAwards www.computingsecurity.co.uk
smishing service, ignore the message," advises Norton. "If you see any unauthorised charges on your credit card or debit card statement, take it up with your bank. They'll be on your side." HOW TO KNOW IF YOU'RE BEING SMISHED In general, don't reply to text messages from people you don't know. That's the best way to remain safe. "This is especially true when the SMS comes from a phone number that doesn't look like a phone number, such as a '5000' phone number. This is a sign that the text message is actually just an email sent to a phone. You should also exercise basic precautions when using your phone. Don't click on links you get on your phone, unless you know the person they're coming from. Even if you get a text message with a link from a friend, consider verifying they meant to send the link before clicking on it. A full-service Internet security suite isn't just for laptops and desktops. It also makes sense for your mobile phone. A VPN such as Norton Secure VPN is also one advisable option for your mobile devices. This will secure and encrypt any communication taking place between your mobile and the Internet on the other end. "Never install apps from text messages. Any apps you install on your device should come straight from the official app store. These programs have vigorous testing procedures to go through before they're allowed in the marketplace. Err on the side of caution. If you have any doubt about the safety of a text message, don't even open it." Almost all of the text messages that you get are going to be totally fine. However, it only takes single rogue message to compromise your security. With just a little bit of common sense and caution, you can make sure that you don't become a victim of identity theft. WHAT SMISHERMEN USE AS BAIT As Kapsersky Labs points out, texting is the most common use of smartphones - and so a rich source of pickings for smishers. Experian found that adult mobile users aged 18 to 24 send more than 2,022 texts per month-on average, that's 67 per day-and receive 1,831. "A couple of other factors make this a particularly insidious security threat," warns Kaspersky. "Most people know something of the risks of email fraud. You've probably learned to be suspicious of emails that say 'Hi-check out this cool link' and don't contain an actual personal message from the supposed sender. "When people are on their phones, they are less wary. Many assume that their smartphones are more secure than computers. But smartphone security has limitations and cannot directly protect against smishing. As noted by WillisWire, cybercrime aimed at mobile devices is rocketing, just as mobile device usage is. However, while Android devices remain the prime target for malware-simply because so many of them are out there; and the platform offers greater flexibility for customers (and cybercriminals!)- smishing, like SMS itself, works crossplatform. This puts iPhone and iPad users at particular risk, because they often feel they are immune to attack." Although Apple's iOS mobile technology has a good reputation for security, no mobile operating system can by itself protect you from phishing-style attacks, argues Kaspersky. "Another risk factor is that you use your smartphone on the go, often when you're distracted or in a hurry. This means that you're more likely to get caught with your guard down and thus respond without thinking, should you receive a message asking for bank information or to redeem a coupon." The good news is that the potential ramifications of these attacks are easy to protect against. In fact, you can keep yourself safe by doing nothing at all. "The attack can only do damage if you take the bait." No financial institution or merchant will send you a text message asking you to update your account information or confirm your ATM card code, reiterates Kaspersky. "If you get a message that seems to be from your bank or a merchant you do business with, and it asks you to click on something in the message, it's a fraud. Call your bank or merchant directly, if you are in any doubt. Remember that, like email phishing, smishing is a crime of trickery - it depends on fooling the victim into cooperating by clicking a link or providing information. Indeed, the simplest protection against these attacks is to do nothing at all." As technology has developed and evolved, the ways in which scammers try to target people has developed with it, comments the Financial Ombudsman Service (FOS). "From fake websites to text messages that appear to be from a legitimate source, scammers will try a variety of ways to get personal information from you, in order to take money from your accounts, use the details you share to pretend to be you, or to sell on. As well as use of technology, we also see scammers trying to manipulate or exploit situations to build trust or create panic, to try to get people to divulge information over the phone, and sometimes even face to face. MULTIPLE TARGETS The FOS sees a wide variety of circumstances in the complaints that are referred to it and not just related to banking - "we know that fraudsters also look to target pensions, investments and insurances, too". The industry regulator, the FCA, has information on its website about avoiding investment and pension www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2020 computing security 13
Page 1 and 2: Computing Security Secure systems,
Page 3 and 4: comment TIME TO TAKE GDPR UP A GEAR
Page 5 and 6: Pragmatic and experienced risk mana
Page 7 and 8: editor's focus "Well trained staff
Page 9 and 10: health monitoring within the compan
Page 14 and 15: smishing scams, while the Associati
Page 16 and 17: industry insights THE NEW ORDER IS
Page 18 and 19: mergers & acquisitions HITTING THE
Page 20 and 21: Data privacy BEYOND THE EU-US PRIVA
Page 22 and 23: contact tracing WE HAVE CONTACT THE
Page 24 and 25: contact tracing smartphones in mind
Page 26 and 27: hacking surge HACKERS FOR HIRE HACK
Page 28 and 29: hacking surge Adrian Rowley, Gigamo
Page 30 and 31: threat intelligence APTS AND COVID-
Page 32 and 33: gender inequality TIME TO REBALANCE
Page 34 and 35: gender inequality equates to - and
Page 36: NEW Sensitive Data Discovery and Re

CS Nov-Dec 2020

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?