How businesses can prevent text-message phishing (smishing)

This is a threat that you can’t easily control. Given the ubiquity and versatility of smartphones, have the fraud floodgates opened?

In the first six months of 2021, smishing scams in the UK increased by nearly 700%. The significant threat increase is attributed to an uptick in package/parcel deliveries during coronavirus-related stay-at-home orders. However, despite the declining coronavirus case-counts in many Western nations, these scams haven’t abated.

Smishing prevention can save your organization time, money, and human capital. In the business setting, smishing can lead to loss of control over devices, stolen corporate login credentials, network infections, spyware deployment, data loss, data theft, reputational damage and lawsuits. Get expert insights into smishing prevention, below.

How brands can prevent smishing impersonation

Smishing is particularly damaging when it involves the impersonation of your brand. Major brands like Amazon.com and AT&T are commonly impersonated, but it can happen to any brand at all. For small brands, the effects of impersonation may lead to long-term consequences.

A survey found that 75% of consumers in Saudi Arabia, and 78% of consumers in the UAE would stop spending money on goods or services offered by hacker-impersonated brands.  In other words, impersonation can potentially result in devastating business declines.

For that reason alone, your brand should make every effort to help consumers navigate around impersonation messages, and to end impersonation attempts altogether. These tactics can support you:

Non-technical

1. 1. Brands can ensure that they have consistent, easily recognizable messaging, which enables consumers to maintain a stronger sense of which messages are likely to be real, and which are more likely to be fake.
   2. Consider adopting rich messaging, which allows you to ensure that messages display showing your brand’s logo.

IT-based

1. 3. On the technical side, enforce DMARC. This is an email validation system that can identify anyone who is using the brand’s domain without authorization.
   4. Leverage third-party brand protection services that rely on machine learning and scans in order to detect attack patterns before they appear in the real-world.
      

How to prevent employees from falling for smishing

Share these smishing-prevention approaches with your peers, employees and contacts.

• Inform those around you about Do Not Call/Do Not Solicit Registries that they can sign up for.
• Encourage employees to update phone security settings when prompted, helping to prevent malware or viruses from infiltrating the device.
• Let employees know that they can and should verify suspicious or unsolicited text messages through alternative channels ahead of responding to them, even if the messages exude a sense of urgency.
• Help people prevent the arrival of messages from unknown senders.

For Android phones: Instruct users to tap the three-dot icon in messages > Settings > Spam protection. Then, have users check the Enable Spam Protection toggle. After enablement, phones will analyze texts and auto-block suspicious-looking messages.

For iPhones: Instruct users to tap Settings > Messages and then enable Filter Unknown Senders. Once enabled, visit Settings > Notifications > Messages > Customize Notifications and disable “Unknown Senders”.

• Inform employees about the pretexts that smishers commonly use to lure victims. These include (but are not limited to) order confirmation, verification of activity on an account, public safety updates, delivery verification and delivery cancelation.
• Implement powerful technological anti-phishing solutions that provide protection across all attack vectors, including smishing. Learn more about protecting your organization’s mobile devices from smishing attacks here, and consider requesting a free demo.

Conclusion

Billions of SMS’s are sent around the world each day, and a growing percentage of them are smishing attempts. Brands should take steps to avoid impersonation and to help employees avoid dangerous smishing threats. After all, a single text message could lead to significant brand damage.

For more information about smishing and phishing, please see CyberTalk.org’s past coverage.