Social Engineering Scams: Phishing, SMShing

Posted: 6 months ago

Thanks to the rapid development of communications technology, mobile phones are now in every hand. Hand-held phones have made it possible to manage a range of tasks, from calling to making monetary transactions. At the same time, the increased use of handsets for various tasks has made phone systems prone to hijacking and fraud. One such scam is the phishing attack.


Phishing is a fraudulent way of obtaining the victim's credentials through impersonation.


During the attack, the phishers try to steal the personal and financial information of the victim through emails, texts or calls that appear to be from a well-reputed company. The victim is asked to share his credentials or log in on fake websites that capture the victim's personal information, such as card details, CVV and passwords. The phishers use this personal information for hijacking, money theft from bank accounts and identity theft.

As per the Phishing Statistics 2019:

· Phishing has grown to 65% in the last year and is responsible for 90% of data thefts.

· 1.5M phishing websites are being created every month.

· 30% of the phishing texts are being opened.

· It takes around 50 days to discover any phishing or breach that has happened.


These scams usually present legitimate-looking, socially engineered and alluring bait content to the targeted users, tricking them into providing their personal information. Scammers use various phishing techniques, such as:


· Deceptive Phishing is the most common phishing technique. The fraud is carried out through a legitimate-looking email that appears to come from a well-reputed company or a service the victim already uses. The victims are asked to share their personal information through fraudulent links.

· Spear Phishing uses the same tactic as deceptive phishing, but things get more personal here. The scammers rely on social engineering: the victims are usually presented with an alarming situation, such as that 'the account would be closed', before they share their details.

· Pharming is the most formidable type of phishing technique, in which the attackers hijack the website's server and redirect the users to the attacker's website. This technique requires only a small error from the user.

· SMShing is one of the latest phishing techniques in 2019. This kind of phishing involves text messages sent to mobile phones. As people rely more on text messages than on emails, they are more likely to share their information via text messages. The text messages are received on phone numbers, Facebook, and messenger apps.




SMShing



“SMShing” might seem a silly word, but it is a very dangerous one.


Short Message Service (SMS) phishing is used mainly to carry out phishing on mobile phones, where the text message contains a link that leads to the download of a Trojan onto the phone without the user's consent. The bait in SMShing is the text message, which lures the user into clicking the link and giving up credentials. SMShing does not require skilled programmers, only someone who can write persuasive text messages prompting the victims to make payments.

The SMShing technique is mainly a social engineering fraud, recognized as the world's most emerging scam trend by the international police agency INTERPOL. The phishers leverage the trust of the victim to extract sensitive information. Nowadays people are cautious about clicking links sent via email, but that caution diminishes with text messages.


How do these masqueraders operate?

1. The fraudsters send text messages to the victim's phone proclaiming cash prizes, lotteries, job offers, etc., and request the users to share their card details.

2. Unsuspecting users do as instructed by the senders: they share their details via call or text, visit the website or download malicious content.

3. The shared details are used by the sender to steal money and personal information.
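
The lures described above (prize, lottery and job-offer claims, requests for card details, CVV or passwords, 'account would be closed' pressure, and embedded links) can be turned into a simple triage check for reported text messages. The following is an added example, not part of the original post; the keyword lists, weights, threshold and sample messages are constructed assumptions.

```python
import re

# Indicator groups drawn from the lures the article lists. The keyword lists
# and weights are illustrative assumptions, not a vetted rule set.
INDICATORS = {
    "lure": (2, re.compile(
        r"\b(cash prize|prize|lottery|won|winner|job offer)\b", re.I)),
    "credential_request": (3, re.compile(
        r"\b(card (details|number)|cvv|password|pin|otp)\b", re.I)),
    "urgency": (2, re.compile(
        r"\b(account (will|would) be (closed|suspended|blocked)"
        r"|immediately|urgent)\b", re.I)),
    "link": (2, re.compile(r"(https?://|www\.)\S+", re.I)),
}
REPORT_THRESHOLD = 4  # assumed cut-off: two or more indicator groups

# Constructed sample messages; domains use the reserved .test TLD.
SAMPLES = [
    "Congratulations! You won a cash prize. Share your card details and "
    "CVV at http://prize.example.test/claim",
    "Your account would be closed today. Verify your password immediately: "
    "www.bank.example.test",
    "Running 10 minutes late, see you at the cafe.",
    "Your parcel is out for delivery, track it at "
    "https://courier.example.test/t/123",
]

def score_sms(text):
    """Return (score, matched indicator groups) for one message."""
    hits = sorted(n for n, (_, rx) in INDICATORS.items() if rx.search(text))
    return sum(INDICATORS[n][0] for n in hits), hits

def triage(text):
    """'report' at or above the threshold, 'review' on any hit, else 'pass'."""
    score, hits = score_sms(text)
    if score >= REPORT_THRESHOLD:
        return "report"
    return "review" if hits else "pass"

if __name__ == "__main__":
    for msg in SAMPLES:
        score, hits = score_sms(msg)
        print(f"{triage(msg):7} score={score} hits={hits} :: {msg[:50]}")
```

A link on its own only reaches 'review', since legitimate delivery and bank notices also carry links; it is the combination with a lure, pressure or a credential request that pushes a message to 'report'.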


To protect oneself from such fraudsters, it is advised:

· One should never share his/her personal & financial information via text messages, calls or emails.

· Never follow the instructions in a text or call from an untrusted source.

· One should immediately delete these text messages.

· Never click on links sent without knowing the sender.

· Install internet security on mobile phones and desktops.

· In case of doubt regarding a text, it is better not to open it.

· Enabling multi-factor authentication (MFA) on the phone could prevent cybercrimes.

· Such text messages should be immediately reported to the authorized companies.


One doesn't need to have a desktop to fall prey to these scammers, as these days cell phones are being increasingly targeted and attacked. Mobile phone users need to learn to use their mobile phones with caution and concern.