Buguroo is warning about the growing threat of SMS phishing, which is more commonly known as smishing. Smishing is comparable to other forms of phishing, insofar as the fraudster will send a message with a malicious link that either leads to a fake website or installs malware on the user’s device when clicked.
The difference is that a smisher will send the malicious link via text message rather than through email or some other channel. In many cases, the message will be inserted into an otherwise legitimate text chain between the victim and their financial institution, which gives the message the appearance of authenticity and makes the attack more difficult to spot.
Buguroo notes that many people have a personal relationship with their phones, and are consequently more likely to trust the messages they receive there than they will be to trust messages sent through another medium. People are also not as aware about potential threats to their phones, and do not take the same precautions that they would with suspicious emails.
That combination can make smishing more effective than other forms of fraud, as was demonstrated in a recent series of attacks that targeted the Bank of Ireland. Fraudsters told customers that their card had been compromised, and then sent a link to a fake website that asked users to input their card information to register for a new one. In truth, the website was set up to harvest personal information, which was then used to take over the victims’ accounts.
The Bank of Ireland was unable to spot the fraud because the criminals used real login information. As a result, the organization was eventually forced to reimburse more than €800,000 that was taken from as many as 300 individual account holders, taking the brunt of the fraud losses as it tried to preserve trust and prevent further damage to its reputation.
With that in mind, buguroo argues that financial institutions need better ways to identify fraudsters who are able to steal legitimate credentials. The company advocates for behavioral biometrics, which looks at the way in which information is entered to spot changes that could indicate that a different person is sitting at the keyboard. The bank can then step in to prevent suspicious transactions from going through.
Buguroo has previously warned that the increase in remote traffic has created more opportunities for fraudsters during the COVID-19 pandemic. The behavioral biometrics specialist has since received a European Technology Innovation Award from Frost & Sullivan.
November 3, 2020 – by Eric Weiss