‘SMiShing’ – A New Security Threat
Yet another alert has been issued for consumers, corporate end users and security-focused solution providers. This time the concern is a high-profile data breach, and linked to it is an unusual new hacker attack.
The statement comes from McAfee's Avert Labs, which singles out the latest innovation in data collection: SMiShing, or phishing through SMS. This blended attack originates from criminals trying to lure users to a malicious website using a text message.
McAfee describes a process that begins with an SMS text message sent to users on their mobile phones, thanking them for subscribing to a bogus dating service. The message states that a daily subscription fee of $2.00 will be automatically added to their phone bill until they cancel the subscription on the website. The same message has also been spammed to the comments sections of various bulletin boards.
This revelation acts as an additional indication of the increasing abuse of devices by creators of malware, viruses and scams.
A few may be able to identify the email as a scam, but the majority do not suspect anything is amiss. Misled users make a point of visiting the website for fear of being billed premium-rate phone charges. On visiting the website, however, they are directed to a program download that is presented as free antivirus software. In reality it is a Trojan horse that turns PCs into zombies under the remote control of a hacker. Once a PC joins the zombie network, it can be used to launch denial-of-service attacks and send spam.
It isn't children alone who use the short message service, or SMS. Some enterprises depend on it extensively because of its low cost, using it for customer service, internal alerts, emergency communication and other purposes.
Nevertheless, SMS repeats the scenario seen with other forms of communication: if controls are not stringent, businesses face the risk of security breaches, mostly due to user mistakes.
One can imagine the damage enterprise networks would face should hackers devise a way to exploit SMiShing to a greater extent. A large enterprise usually means a workforce of thousands using an assortment of devices to access the networks.
It's best that enterprises give due attention to this matter and reconsider their policies to increase security on mobile devices well in advance, instead of taking action only after an attack. The best way to counter the menace is to ensure that employees are made aware of the latest threats.
» SPAMfighter News - 12-09-2006