Smishing: Trojan Horse Scam Invading the Text Messages of Aussies

Smishing is an imminent threat infiltrating the lives of Australians everywhere and it’s coming in the form of the message bubble.

It seems like common knowledge in this day and age to avoid clicking on suspicious links in your e-mail inbox—but what if the same scam e-mails you’re receiving can make themselves shorter, more believable, and better hidden?

From 2020 to 2021, Australians fell victim to cyberattacks every 8 minutes, a 13% increase from the previous financial year, and hackers are not slowing down their momentum. The latest strategy employed by vicious hackers is smishing—an SMS-based scam in which hackers disguise themselves as brands you buy from, stores you frequent, and even government protocols you are a part of.

So How Does it Work?

Much like phishing attacks via e-mail, smishing scams rely on you making a mistake. During these scams, the attacker will send a text that entices the user to click an external link or reply to a message. This action, if taken, leaks your private data directly into the hands of hackers. These messages come in many forms and often require you to enter information on an untrustworthy website once prompted. These texts can look like:

  • Brands offering big discounts
  • Online surveys that promise gift cards or bonuses
  • Congratulatory messages about winning a prize or raffle
  • Warnings about suspicious bank activity
  • Threats about the Australian Taxation Office targeting you for inconsistent filing
  • False government information and more

What Makes Smishing so Dangerous?

As we strengthen our cyber awareness, we know that e-mail scams are just that—scams. But you may be wondering why it is so easy to succumb to the dangers of smishing compared to other cyberattacks. The answer is that we live in a world that is constantly overloaded with information. This information can come in the form of social media posts, television shows, advertisements, messages, and more. The danger of smishing lies in its ability to camouflage and insert itself into your everyday life so that you click on links and open messages without care, just like you’re used to.

A smishing attack is like a Trojan horse—it looks normal and trustworthy on the outside because it resembles the products and information we receive on a daily basis. However, the dark reality lies on the inside when you interact with seemingly regular texts. One click, one reply, or one filled-out form can be the difference between having everything and losing everything.

Who is Being Targeted?

In 2021 alone, Australians lost over $9M to text messaging scams. Hackers rarely discriminate, but when they do, it’s usually people or enterprises with a lot to lose. Smishing scams often target individuals since doing so is relatively simple. But their ultimate target? Small and medium-sized enterprises with lucrative assets.

Hackers are even able to target employees, gather their personal information, and use that information to access the systems of the businesses that employ them. Without the proper IT services in place, and without educating employees on cyberattacks, businesses can be in great danger and must plan accordingly.

How COVID-19 Has Affected Smishing Attacks

The COVID-19 pandemic shut people out of the world and into their homes. This meant more time to immerse yourself in your phone and less time to worry about the repercussions of a tech-reliant society. Amid all of the destruction caused by the pandemic, attackers saw this as an opportunity.

When the pandemic hit, hackers did what hackers do best and preyed on the weakness of others by finding any chance they could to infiltrate your technology and steal your personal information, along with your money.

So What Can You Do?

While you shouldn’t have to live life in fear of a smishing attack, there are a number of steps businesses can and should take to protect their assets from data breaches caused by such human error. Here are some preventative solutions any business or IT leader can employ right now for their companies:

  • Education: Implement a cybersecurity awareness training program to ensure your entire workforce is trained to recognise what common smishing attacks look like and the forms they come in.
  • Assessment: Assess your risk—use cybersecurity platforms and scoring tests to assess your current business risk and vulnerability.
  • Protection: Protect passwords—use strong passwords and don’t give out any sensitive business information, especially when prompted by malicious links.
  • Preparation: Put a disaster recovery plan in place—while you should be protecting your business, some cyberattacks can slip through the cracks. Ensure that your company has a disaster recovery plan in place in case things go wrong beyond your control.

Stop Data Breaches Before They Happen with PhishNet

The best way to protect against phishing attacks is to prevent them in the first place. This is most easily accomplished by cybersecurity awareness training. Staff who receive effective cybersecurity awareness training are better prepared to recognise and take the necessary steps to avoid a phishing attempt.

PhishNet delivers highly effective, engaging, and affordable cybersecurity awareness training to help businesses mitigate the risks of human error data breaches.

Talk to PhishNet today to learn more or check out our free Risk Assessment.