CS Nov-Dec 2020
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
smishing<br />
SMISH, SMASH, BASH!<br />
A RELATIVELY NEW SPIN ON PHISHING HAS ENTERED THE LEXICON, IN THE FORM OF 'SMISHING'.<br />
BUT WHAT IS THAT EXACTLY AND HOW DANGEROUS MIGHT IT BE TO THE UNSUSPECTING?<br />
Phishing scams have become an all<br />
too familiar weapon used against<br />
businesses and individuals, and are<br />
a type of fraud that can come in many<br />
different forms. These scams not only<br />
employ various online techniques, such<br />
as fake emails and pop-up ads, but can<br />
also include phone calls. Often, the<br />
people behind these scams use fear<br />
tactics, in order to get their victims to take<br />
the bait. As Norton points out: "Phishing<br />
is essentially an online con game, and<br />
phishers are nothing more than tech-savvy<br />
con artists and identity thieves. They use<br />
spam, malicious websites, email messages<br />
and instant messages to trick people<br />
into divulging sensitive information."<br />
Banking information, along with credit<br />
card accounts, usernames and passwords,<br />
are just some of the information phishers<br />
seek to exploit.<br />
And now we have 'smishing' to contend<br />
with. For those who are yet to encounter<br />
this form of attack, here are some of its<br />
hallmarks. "Put simply, smishing is any<br />
kind of phishing that involves a text<br />
message. Often times, this form of<br />
phishing involves a text message in an<br />
SMS or a phone number," states Norton.<br />
Smishing is particularly scary, it adds,<br />
because quite often people tend to be<br />
more inclined to trust a text message than<br />
an email. Most people are aware of the<br />
security risks involved with clicking on<br />
links in emails. This is less true when it<br />
comes to text messages.<br />
Smishing uses elements of social<br />
engineering to get people to share their<br />
personal information. "This tactic<br />
leverages your trust, in order to obtain<br />
your information. The information a<br />
smisher is looking for can be anything<br />
from an online password, to your Social<br />
Security Number, to your credit card<br />
information. Once the smisher has that,<br />
they can often start applying for new<br />
credit in your name. That's where you're<br />
really going to start running into<br />
problems."<br />
Another option used by smisher is to say<br />
that, if you don't click a link and enter<br />
your personal information, that you're<br />
going to be charged per day for use of<br />
a service. "If you haven't signed up for the<br />
12<br />
computing security <strong>Nov</strong>/<strong>Dec</strong> <strong>2020</strong> @<strong>CS</strong>MagAndAwards www.computingsecurity.co.uk