An SMS phishing attack on Zendesk employees has allowed access to be gained to sensitive customer data. The data breach highlights the importance of implementing a defense-in-depth approach to security that includes multiple layers of protection against all forms of phishing.

Phishing is most commonly conducted via email; however, improvements in email security solutions have made it harder for malicious actors to get their emails delivered to inboxes. Advanced email security solutions such as SpamTitan incorporate many layers of protection, including machine-learning algorithms to predict novel phishing attacks. Advanced malware protection prevents the delivery of malicious files, combining signature-based antivirus engines with behavioral detection through sandboxing, and the solution also scans emails for malicious links and blocks those messages.

Over the past couple of years, there has been an increase in other forms of phishing that take advantage of the paucity of protection against malicious messages sent via the SMS network and instant messaging platforms and the lack of protection against voice phishing. Businesses typically lack technical defenses against these forms of phishing, which allows employees to be reached more easily.

SMS phishing – or smishing as it is commonly known – involves malicious SMS messages, typically including a link to a malicious website where credentials are harvested. This type of phishing is employed by many different threat actors, including a threat group known as 0ktapus. In 2022, the group conducted a campaign targeting more than 130 companies, including Twilio and Cloudflare. An analysis of the campaign revealed the group had successfully compromised at least 9,930 accounts at more than 130 organizations. That campaign saw credentials stolen as well as multi-factor authentication codes.

While it is currently unclear which threat actor was behind the attack on the customer service software provider Zendesk, the phishing attack was conducted via SMS messages. Zendesk has yet to make an official announcement, but the cryptocurrency trading firm Coinigy said it has been notified by Zendesk about the data breach and said it was informed that several Zendesk employee accounts were compromised, in what Coinigy said was “a sophisticated SMS phishing campaign”. Those accounts contained unstructured data from a logging platform from September to October 2022. Other cryptocurrency platforms appear to have also been affected.

SMS phishing takes advantage of a common hole in businesses’ security defenses that is difficult to address with technical solutions. The best defense against these attacks is security awareness training for employees. This is an area where TitanHQ can help. TitanHQ offers businesses a comprehensive security awareness training platform called SafeTitan, which provides training on all aspects of cybersecurity and phishing, including email phishing, SMS phishing, and voice phishing. The platform provides training in short modules of no more than 10 minutes, with the training content gamified to improve knowledge retention and make it enjoyable. Training courses can easily be developed and automated to provide constant training to employees, teaching them the signs of phishing and other malicious attacks and training them on how to respond when threats are encountered.

With phishing attacks becoming more sophisticated and taking many forms, it has never been more important for businesses to ensure that they have appropriate defenses in place, which should include spam filtering, web filtering, and security awareness training, all of which are provided by TitanHQ.