Arrests have been made in the United Kingdom after a group of hacker was discovered to be sending large amounts of text messages to try and trick recipient into sharing their login details.
The Birmingham-based cybercriminals published their own website and using online advertising to reach more potential victims. When these activities were discovered police issued a warrant for the arrest of those responsible.
The group, referred to as ‘SMS Bandits’ advertised across several mediums and sent text messages which included a link to a malicious website that request visitors to share their login credentials and other sensitive data. SMS Bandits pledged to attack a large amount of phone numbers with smishing messages for just $40 to $125 per week using the service they called ‘OTP Agency’.
The service they advertised was offering to conduct smishing attacks, the SMS bandits offered “bulletproof hosting,” meaning the attack site could not be taken down by standard legal efforts. In most cases, these attacks fail when the site is reported and hosting is disable by the host. The smishing attacks could be bespoke, allowing the specific targeting of small businesses, large businesses, and individuals.
It is important for organization to be conscious of the threat posed by smishing and take steps to training staff in relation to this. Hacker aim to use smishing to begin an attack and steal intellectual property or private corporate information that could be damaging to an organization reputation.
Email filters are a excellent at preventing messages from spoofed senders and malicious message content, but text messages do no tnormally have a feature like this. This best tactic to prevent smishing is to educate staff members in relation to spotting them. The content is typically similar to a phishing attack with offers of discounts or money in exchange for clicking a link and entering private data. If this data happens to be corporate data, then it would be disclosed to the cybercriminals.
One of the main characteristics of a smishing attack is the use of short links – denying readers full visibility of the site behind the URL. Short links should be the first warning sign in relation to smishing, the second being the promise of money or discounts. Seeing both of these together is a sure sign that message is malicious and should be deleted.
Companies need to train staff members so they can spot these signs and characteristics of smishing attacks. The importance of never handing over credentials to any third party, or filling out a form that included them on a linked website, needs to be emphasised.
Using a solution like that offered by multi-award winning TitanHQ would add a security suite renowned for advanced email security, DNS filtering and safe email archiving. Make the first move and get in touch with the team at TitanHQ today.