SMS Phishing as the Preferred Choice of Phishing Attacks
November 29, 2021 - Proofpoint is noting an alarming trend of SMS-text phishing to attack mobile users and their devices. In comparison to the first half of 2021, global reports of SMS-phishing has increased over 270%.
The use of text messages as a phishing vector is popular because it is more effective versus email-based phishing. On average, 30% of phishing emails are opened by their intended recipient, and 12% of recipients will click on a malicious link or open a malicious attachment from a phishing email. In contrast, SMS-phishing texts have a 98% opening rate, and 90% of messages are opened within the first three minutes according Proofpoint -- That is a click-through rate of eight times more on SMS-based vs. email-based phishing.
SMS-phishing can come in a variety of flavors disguising as:
Amazon/Fedex/UPS/USPS deliveries
Request for information from some authorities like the IRS, local or state government.
Bank and other online services notification
Account breach notification
Winning prize notification
What are the best practices to consider?
Look out for and delete suspicious messages that may describe packages you did not order or transactions you never conducted.
If you are expecting a package from a delivery service, use the official site to verify the package tracking status.
Avoid downloading and installing software that you did not request.
Never click a link to an unsolicited text.
Never give away personal data like PINs, card numbers and passwords.
Use a landline where possible.
If you are not certain, independently verify the legitimacy of the text by calling your bank or online services using the official contact number/email listed at the official site.
Comments