There are times of the year when cyber becomes more pressing, and the holiday season is one of them. In fact, experts highlight an increase in attacks that use text messages to access mobile devices and steal personal data and banking access.
Those we are experiencing are weeks of particular frenzy in view of the holidays, with the need to make work commitments and the acquired gifts or the organization of lunches and dinners coincide. Thus the attention towards possible IT risks decreases precisely when the promotional messages that push to purchase increase, from the black friday week just ended to the special offers on Christmas purchases. Our mobiles are literally bombarded with offers right now. And cybercriminals certainly do not allow themselves to escape the greedy opportunity this represents for their shady deals.
Smishing attacks are on the rise.
The term smishing refers to those cyber attack techniques which, through the sending of sms, allow to steal data and information from mobile devices. Basically it is the name of the phishing attacks carried out through the message systems. Not fake e-mails but fake text messages that steal personal data or lead you to click on malicious links. But that is not all. Cybercriminals have also started using modified versions of applications that once downloaded to the victim's phone install a system that simulates receiving a text message.
The growth of this type of attacks is attributable to the growth in the use of smartphones as the main tool for connecting and using the internet. By now, most connections take place from mobile devices, resulting in information, personal and banking data. An important source of income for hackers who only aim at illicit revenue. Just think of the various applications related to digital identity or home banking, all operations that are most often managed via mobile phones.
How a smishing attack works.
At the base of these attacks there are generally social engineering techniques that exploit the psychological weaknesses of potential victims to make them take a specific action: click on a link, call a phone number, fill out a form. An immediate advantage is usually offered as a result of the action one is asked to take. One of the most classic marketing actions. Obviously the advantage is only an illusion and the data entered is collected by cyber criminals who will then try to monetize it, selling it on the dark web or directly carrying out operations with credit card data.
The success of these attacks is also, and above all, due to the fact that criminals use the logos and colors of well-known brands, such as Poste Italiane, banking institutions or large-scale distribution brands. This obviously makes the message credible, and will help to create that climate of trust which, supported by the lack of attention and attractiveness of the prize, turns out to be fatal. In a period of the year when online purchases are multiplying, smishing messages, for example, simulate problems with deliveries or payments to make the unsuspecting victim enter the credit card details.
However, data is not always requested. In recent smishing campaigns, victims were invited to download free applications that installed malware capable of stealing personal information stored on their smartphone.
How to defend against smishing attacks.
The golden rule is to always keep the level of attention high and not underestimate the risks. Be wary of easy earnings and unlikely prizes by avoiding providing your data except through official channels, without following unlikely links sent by message. Very often these are already known smishing campaigns, so before clicking on any link or downloading anything, a Google search may be sufficient to verify what it really is.
