CS Nov-Dec 2020
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
smishing<br />
service, ignore the message," advises<br />
Norton. "If you see any unauthorised<br />
charges on your credit card or debit card<br />
statement, take it up with your bank.<br />
They'll be on your side."<br />
HOW TO KNOW IF YOU'RE<br />
BEING SMISHED<br />
In general, don't reply to text messages<br />
from people you don't know. That's the<br />
best way to remain safe. "This is especially<br />
true when the SMS comes from a phone<br />
number that doesn't look like a phone<br />
number, such as a '5000' phone number.<br />
This is a sign that the text message is<br />
actually just an email sent to a phone.<br />
You should also exercise basic precautions<br />
when using your phone. Don't click on<br />
links you get on your phone, unless you<br />
know the person they're coming from.<br />
Even if you get a text message with a link<br />
from a friend, consider verifying they<br />
meant to send the link before clicking<br />
on it. A full-service Internet security suite<br />
isn't just for laptops and desktops. It also<br />
makes sense for your mobile phone.<br />
A VPN such as Norton Secure VPN is<br />
also one advisable option for your mobile<br />
devices. This will secure and encrypt any<br />
communication taking place between<br />
your mobile and the Internet on the<br />
other end. "Never install apps from text<br />
messages. Any apps you install on your<br />
device should come straight from the<br />
official app store. These programs have<br />
vigorous testing procedures to go through<br />
before they're allowed in the marketplace.<br />
Err on the side of caution. If you have any<br />
doubt about the safety of a text message,<br />
don't even open it."<br />
Almost all of the text messages that you<br />
get are going to be totally fine. However,<br />
it only takes single rogue message to<br />
compromise your security. With just a<br />
little bit of common sense and caution,<br />
you can make sure that you don't become<br />
a victim of identity theft.<br />
WHAT SMISHERMEN USE AS BAIT<br />
As Kapsersky Labs points out, texting is<br />
the most common use of smartphones -<br />
and so a rich source of pickings for<br />
smishers. Experian found that adult<br />
mobile users aged 18 to 24 send more<br />
than 2,022 texts per month-on average,<br />
that's 67 per day-and receive 1,831.<br />
"A couple of other factors make this a<br />
particularly insidious security threat,"<br />
warns Kaspersky. "Most people know<br />
something of the risks of email fraud.<br />
You've probably learned to be suspicious<br />
of emails that say 'Hi-check out this cool<br />
link' and don't contain an actual personal<br />
message from the supposed sender.<br />
"When people are on their phones, they<br />
are less wary. Many assume that their<br />
smartphones are more secure than<br />
computers. But smartphone security has<br />
limitations and cannot directly protect<br />
against smishing. As noted by WillisWire,<br />
cybercrime aimed at mobile devices is<br />
rocketing, just as mobile device usage is.<br />
However, while Android devices remain<br />
the prime target for malware-simply<br />
because so many of them are out there;<br />
and the platform offers greater flexibility<br />
for customers (and cybercriminals!)-<br />
smishing, like SMS itself, works crossplatform.<br />
This puts iPhone and iPad users<br />
at particular risk, because they often feel<br />
they are immune to attack."<br />
Although Apple's iOS mobile technology<br />
has a good reputation for security, no<br />
mobile operating system can by itself<br />
protect you from phishing-style attacks,<br />
argues Kaspersky. "Another risk factor is<br />
that you use your smartphone on the go,<br />
often when you're distracted or in a hurry.<br />
This means that you're more likely to get<br />
caught with your guard down and thus<br />
respond without thinking, should you<br />
receive a message asking for bank<br />
information or to redeem a coupon."<br />
The good news is that the potential<br />
ramifications of these attacks are easy to<br />
protect against. In fact, you can keep<br />
yourself safe by doing nothing at all.<br />
"The attack can only do damage if you<br />
take the bait."<br />
No financial institution or merchant<br />
will send you a text message asking you<br />
to update your account information or<br />
confirm your ATM card code, reiterates<br />
Kaspersky. "If you get a message that<br />
seems to be from your bank or a<br />
merchant you do business with, and it<br />
asks you to click on something in the<br />
message, it's a fraud. Call your bank or<br />
merchant directly, if you are in any doubt.<br />
Remember that, like email phishing,<br />
smishing is a crime of trickery - it depends<br />
on fooling the victim into cooperating by<br />
clicking a link or providing information.<br />
Indeed, the simplest protection against<br />
these attacks is to do nothing at all."<br />
As technology has developed and<br />
evolved, the ways in which scammers try<br />
to target people has developed with it,<br />
comments the Financial Ombudsman<br />
Service (FOS). "From fake websites to<br />
text messages that appear to be from<br />
a legitimate source, scammers will<br />
try a variety of ways to get personal<br />
information from you, in order to take<br />
money from your accounts, use the details<br />
you share to pretend to be you, or to sell<br />
on. As well as use of technology, we also<br />
see scammers trying to manipulate or<br />
exploit situations to build trust or create<br />
panic, to try to get people to divulge<br />
information over the phone, and<br />
sometimes even face to face.<br />
MULTIPLE TARGETS<br />
The FOS sees a wide variety of<br />
circumstances in the complaints that<br />
are referred to it and not just related to<br />
banking - "we know that fraudsters also<br />
look to target pensions, investments and<br />
insurances, too". The industry regulator,<br />
the FCA, has information on its website<br />
about avoiding investment and pension<br />
www.computingsecurity.co.uk @<strong>CS</strong>MagAndAwards <strong>Nov</strong>/<strong>Dec</strong> <strong>2020</strong> computing security<br />
13