Text message fraud: Defending your business against ‘smishing’

0
Text message fraud: Defending your business against ‘smishing’

In today’s digital age, businesses face an ever-growing array of cyber threats, and one that’s becoming increasingly prominent is smishing.

Smishing — a blend of “SMS” and “phishing” — is a form of phishing that takes place through fraudulent text messages (SMS).

What is smishing – and how does it work?

Jonathan Ogden

Smishing is text message fraud involving the use of text messages to trick individuals into divulging sensitive information or clicking on malicious links.

Much like they do in phone number spoofing, fraudsters often employ text spoofing to send you messages from a number that appears on your phone as KeyBank or another reputable company you do business with. These criminals often claim to be investigating fraudulent activity on your account.

One frequently used tactic involves a hacker saying they need to verify you as a client. They then ask you to provide your login ID, password, and one-time security code. Once provided, they have full access to your account and can transfer funds to themselves.

In another common tactic, the hacker includes a fraudulent link in the text that takes you to a spoofed website that looks virtually identical to a legitimate site, such as KeyNavigator or KeyBank Business Online. Once you attempt to sign in to the fake site, your credentials are captured. From there, the hacker will attempt to obtain your one-time passcode under the guise of “helping resolve your log-in issues” to gain full access to your account.

Why is smishing a concern for businesses?

Smishing tactics look deceptively legitimate.

Smishing is particularly effective because the text messages, spoofed numbers, and spoofed websites are often virtually indistinguishable from authentic ones. People trust the tactics on appearance and are falling victim at an alarming rate.

As more employees use their cellphones for work purposes, smishing is becoming a major concern for businesses. Fraudsters are increasingly using smishing to target businesses of all types, industries, and sizes — and we’ve received reports of KeyBank clients being targeted.

The monetary cost is substantial.

Experian reports that 87.8 billion smishing attacks resulted in an estimated $10 billion in consumer losses in 2021 alone.1 And fraudsters are increasingly targeting businesses over consumers because business accounts typically provide a more lucrative payout.

With business smishing attacks on the rise, and more sizeable bank accounts at stake, the monetary risk smishing poses to businesses is immense.

Smishing can have a significant impact on a company’s bottom line — and its reputation. The best way to mitigate these damages is to avoid becoming a victim in the first place.

How to protect your business from smishing

Safeguarding your business against smishing attacks requires a coordinated effort between business leadership and all employees.

Best Practices for Business

• Invest in continuous education to stay on top of emerging fraud trends.

• Report any suspicious texts regarding your accounts to your financial institution immediately.

• Employ a third-party expert to identify, disable, and prosecute websites impersonating your brand.

• Create and enforce a policy for using personal mobile devices for business purposes.

• Ensure your employees are registered for and using strong authentication (FIDO security keys, fingerprint validation, facial recognition, etc.) to sign in to online banking sites.

•Remind employees to:

» Be cautious of all unexpected text messages.

» Never share sensitive information via text, including log-in IDs, passwords, or one-time passcodes.

» Verify a suspicious text immediately by calling a known phone number or contact at the business or financial institution.

Your bank can be a good partner to work alongside you and your employees to help secure your business against smishing and other forms of fraud.

About the author: Jonathan Ogden is Senior Vice President, Commercial Relationship Manager with KeyBank in Rochester. He may be reached by phone at 585-238-4190 or email at [email protected].

This material is presented for informational purposes only and should not be construed as individual tax or financial advice. Please consult with legal, tax and/or financial advisors. KeyBank does not provide legal advice. KeyBank Member FDIC.© KeyCorp 2024 CFMA #240823-2748791

e

link

Leave a Reply

Your email address will not be published. Required fields are marked *