‘Tis the shopping season, marked by a surge in deceptive “missed delivery” smishing messages attempting to pilfer money, data, and identities. Encouragingly, Proofpoint data suggests that the growth of smishing has decelerated in the last 18 months across various regions, transitioning into a recognized part of the threat landscape rather than an escalating danger.
The Lingering Peril
Nevertheless, the peril persists, with recent research indicating that 66% of UAE organizations reported at least one smishing attempt in 2022. Notably, these attacks are evolving into more specialized and cunning endeavors.
Rise of Conversational Attacks: Smishing
Conversational attacks on mobile have witnessed a rapid surge in the past year, experiencing a global increase of 318%. This tactic involves assailants sending multiple messages, mirroring authentic engagement patterns to build trust.
Impersonation has emerged as a noteworthy trend, particularly in some regions, where attackers pose as individuals known to the victim, such as family members, friends, or business associates. Impersonation heightens the likelihood of the victim trusting the message and engaging in conversation.
The Child Impersonation Tactic
A prevalent impersonation tactic involves claiming to be a child with a lost or broken phone, leveraging parental anxiety for social engineering. The subsequent step often involves convincing the victim to shift communication to platforms like WhatsApp before requesting a money transfer.
Recruitment Scams Go Mobile
In a world grappling with layoffs and economic uncertainties, recruitment scams have migrated from email to mobile. Initiated through SMS, attackers seek to prolong engagement on messaging services, exposing victims to advanced-fee fraud, personal data theft, or recruitment as money mules laundering for criminal organizations.
Navigating the Landscape
While the slowdown in smishing growth may sound positive, the reality is that these attacks have become omnipresent while elevating in sophistication. The risk to users and the mobile ecosystem remains substantial, given the central role our phones play in professional, financial, and personal spheres.
In the UAE, a Proofpoint study unveiled that 35% of surveyed employees reported receiving suspicious text messages, underscoring the prevalence of these threats. Alarmingly, 37% of UAE employees are unfamiliar with the term ‘smishing,’ signaling a critical awareness gap.
As scams diversify and become more targeted, the cost of falling victim to an attack can be significant. To combat smishing, spam, or suspicious content, users are encouraged to utilize Android and iOS reporting features. Heightened awareness, continuous education, and prompt reporting are imperative in bolstering defenses against the ever-evolving landscape of mobile-based cyber threats.