Compliance Chronicles – Volume 4 – Q4 2023

Smishing is all the Rage

According to a recent report from security vendor Zimperium, you are six to ten times more likely to be tricked by SMS phishing (smishing) than traditional email phishing. Cybercriminals love these odds, so smishing has become extremely popular. It’s important to understand the significance of these attacks and how to stay safe.

This surge in smishing attacks also comes with new threats. For example, did you know that you could get malware on your mobile device? In fact, Zimperium reported a 51 percent increase in mobile malware samples in 2022. The report also states that 80 percent of malicious websites function on mobile browsers. This means that cybercriminals are specifically designing their attacks for use on mobile devices.

Follow the tips below to stay safe from smishing attacks:

• Think before you tap. Cyberattacks are designed to catch you off guard and trigger you to open links impulsively. 
• Consider the origin of the text message. Did you sign up for SMS alerts? Is the message similar to other text messages you’ve received from this organization?

Never log in to an account from a link in a text message. Instead, navigate to the organization’s official website to log in.

Smishy Package Failed to Deliver

Recently, cybercriminals have been impersonating postal services around the world through SMS phishing (smishing) scams. These postal services include the US Postal Service, UK Royal Mail, Correos in Spain, and Poste Italiane in Italy.

In this scam, cybercriminals send you a text message impersonating the postal service in your country. The text contains a link and says that your package can’t be delivered until you provide additional information. If you tap the link, you’ll be taken to a spoofed postal service website that prompts you to enter your credit card details so your package can be delivered. If you enter your credit card details, cybercriminals could steal your money or personal information.

Follow the tips below to stay safe from similar scams:

• Never tap a link in a text message that you weren’t expecting. 
• Be cautious when entering payment information on a website accessed via text message. To stay safe, navigate directly to the organization’s official website.
• Remember that this type of attack isn’t exclusive to postal services. Cybercriminals could use this technique to impersonate any business in any country.

 If you have any questions, please don’t hesitate to reach out