Connect with us

Hi, what are you looking for?

Articles

88% smishing surge boosts stake-holders collaboration

In today’s digital age of mobile banking, a new form of cybercrime is now a rising threat – smishing attacks targeting bank customers via SMS messages. This insidious technique combines the classic phishing scam with the ubiquity of SMS, tricking unwary victims into compromise their financial accounts and personal data.

While smishing is not an entirely new phenomenon, its prevalence has skyrocketed in recent years as cyber criminals continuously refine their methods. In 2022 alone, over 350,000 smishing incidents were reported daily across India, resulting in staggering losses exceeding $190 million for consumers. These numbers are just the tip of the iceberg, as many incidents go unreported.

A Global Menace

Santander, one of the largest banks in the world, has been a frequent target of smishing campaigns. In a recent incident, scammers posed as the bank, claiming customers had inherited money and requesting personal information to release the funds. Similarly, HSBC customers have fallen victim to smishing scams involving fake delivery notifications from reputable carriers like Evri.

In the UK, Action Fraud revealed an 88% year-on-year increase in smishing reports in early 2023, with case numbers climbing to over 40,000. North America has also been heavily targeted, with the Canadian Anti-Fraud Centre reporting smishing as the leading type of fraud affecting individuals.

Malicious campaigns demonstrate a remarkable adaptability, frequently evolving techniques to bypass security measures. In one recent case dissected by IBM Security Intelligence, attackers combined smishing with the prolific Emotet malware, using fake banking domains to harvest login credentials before deploying ransomware like TrickBot.

Moreover, the advent of new banking trojans like Chavecloak poses fresh challenges. These trojans target mobile banking users, capitalizing on vulnerabilities in banking apps to harvest sensitive information and facilitate fraudulent transactions.

Human Factor

While technological countermeasures do their bit, the crux of the smishing battle often lies in raising user awareness. Criminals continuously refine their social engineering tactics to manipulate human psychology and override rational skepticism.

The allure of easy money or the fear of financial repercussions often clouds judgment, leading individuals to fall prey to smishing scams. In some instances, scammers exploit the emotional vulnerability of victims. Dr. Steve Furnell, Professor of Cyber Security at University of Nottingham, highlights that smishing preys upon our tendencies to trust text messages as urgent, legitimate communications. We’ve been conditioned to respond rapidly to text messages and take action on their instructions, he explains. This inherent bias, combined with fear of financial repercussions, increases susceptibility to smishing scams.

Countermeasures

Recognizing the severity of the threat, banks are fortifying their defenses through multi-layered security approaches. Permanent TSB of Ireland has partnered with Expleo to deploy the world’s first anti-smishing solution, employing advanced analytics to detect and block fraudulent SMS messages in real-time.

Phil Codd, managing director of Expleo Ireland, said that the company has a responsibility to ensure that what it does is not only good for businesses but good for society too. It is sensitive to protecting the elderly and the tech-novices, who are the most vulnerable members of society. Peter Vance, chief operating officer of Permanent TSB, explains that the company has introduced PTSB Protect as a new line of defense for mobile apps.

As smishing incidents continue their alarming trajectory, some experts envision these attacks accelerating the shift towards more robust, biometric authentication methods. Joseph Lee, a fraud analyst at NICE Actimize, believes that by reducing reliance on easily compromised passwords and knowledge-based credentials, biometrics could make smishing scams less effective on their primary targets.

Beyond bolstering technology, law enforcement agencies are amplifying collaborative efforts to combat the criminal organizations orchestrating these scams. In May 2021, a coordinated crackdown across the UK led to 36 arrests linked to a prolific smishing operation that bombarded victims daily with over 20,000 malicious texts.

Conclusion

Despite heightened security efforts, the reality is that cybercriminals are continuously adapting their tactics to counter defensive measures. The underground smishing-as-a-service market thrives, providing aspiring fraudsters with readymade tools and services to orchestrate campaigns with ease. This ever-evolving arms race needs a multi-stakeholder approach involving banks, fintechs, law enforcement agencies and – crucially – an actively engaged and educated public.

Anatomy of a Smishing Attack

A smishing attack typically begins with a carefully crafted text message impersonating a legitimate bank or financial institution. These messages employ urgent language and plausible scenarios to instill fear and pressure the recipient into action. Common tactics include claiming issues with the recipient’s account or card, prompting them to verify login credentials on a fraudulent website, or luring them into calling a number operated by the scammers. The convincing nature of these scams lies in their exploitation of our trust in businesses and authorities, combined with the familiar act of receiving a text message. Stephen Cobb, a senior security researcher at ESET, explains that it is easy to be fooled because customers getting many legitimate texts from businesses these days.


[email protected]

Read more:

Breaking Barriers, Confronting Industry Challenges

 

 

 

 

Towards Trust, Transparency & Technology

PR Newswire

Copyright © Glocal Infomart Pvt Ltd. All rights reserved. Usage of content from website is subject to Terms and Conditions.