Smishing is the latest way scammers exploit your mobile users

Mobile Phone Texting

If there’s one thing enterprise IT professionals and cyber criminals can agree on, it’s that the biggest points of vulnerability in any network are users.

Mobile users especially will do the darnedest things! They’ll lose their unsecured phones, download apps from sketchy third-party sites, and access confidential enterprise data using public wi-fi. The seemingly limitless bungling, naivete and carelessness displayed by mobile employees on a daily basis not only makes them the bane of a CISO’s existence, it makes them ideal targets for cyber scammers looking for easy marks.

The key, as any scammer will tell you, is to make a personal connection with the user. Which is why the latest scam technique — smishing — is particularly insidious. Smishing is a variant of phishing, but instead of using email as the delivery channel, scammers target users through text messages.

Texting undoubtedly is a more personal medium for communication than email, which means it gives scammers a better opportunity to exploit a user’s trust and humanity. After all, aren’t we all human? (Not really. Many of the “people” we deal with every day online are actually bots. In fact, some of you reading this are bots.)

People long ago became accustomed to email spam, but many mobile users assume only people they know, or organizations with which they’ve done business, can text them, so they let down their guard. Smishing scammers take advantage of this by asking users to verify account information, user profiles, purchases, outstanding balances, credit card data, and more. Before you know it, the unsuspecting user is clicking on a link that downloads malware or takes them to a malicious website. (And all he wanted to do was keep his Tinder bio up to date!)

Getting mobile employees to stop texting is an impossible task. So what can enterprise IT pros do to protect data and networks from smishing attacks targeting mobile workers? Do their best to raise awareness among mobile users about smishing, encourage them to be a little less trigger-happy with links inside text messages, and hope for the best.

I know, it’s not much. But nobody promised any magic bullets.


Cool security tools your mobile workers just might use

The three realities of ICT security all senior executives must accept

What happened to the enterprise mobile apps revolution?


  1. Rachel tickler says:

    I got scammed


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: