With organizations heavily focusing on protecting the corporate endpoint, cybercriminals are switching focus onto mobile devices where users are more prone to fall for their social engineering tactics.

What are Smishing Attacks?

One strategy that bad actors are employing is known as Smishing – SMS based Phishing attacks.  Imagine receiving a text message from “Amazon” telling you there’s a problem with your delivery, encouraging you to click a link.  That’s a smishing attack.

We consume so much content from people you don’t personally know that it’s not part of your everyday process to stop and be critical of what’s being presented to you. And that’s exactly what cybercriminals are taking advantage of.

According to security vendor Zimperium’s 2023 Global Mobile Threat Report, text-based phishing attacks are not only on the rise, but there are examples of how the cybercrime ecosystem is responding to the “need” and making it easier for such attacks to take place.

• Between 2021 and 2022 (the time frame covered in the report), the total number of mobile malware samples detected increased by 51%
• During 2022, an average of 77,000 unique malware samples were discovered each month
• Zimperium detected an average of 2,000 pieces of “zero day” malware weekly
• 80% of phishing sites now either target mobile devices specifically with smishing attacks, or are designed to function on both mobile and desktops

Why are Smishing Attacks Becoming a Problem?

The reason why this growth is occurring is purely because mobile device users are far more likely to engage with attack content than if they were on a traditional endpoint. Think about the magnitude of the headline of this article; if a user was just 8% likely to click on a malicious link on an endpoint, they are as much as 80% likely to click on the same link when presented on a mobile device. That’s a huge difference and why smishing attacks are so effective!

And with 73% of organizations that experienced a mobile-related compromise described it as a “major” breach, it means that these kinds of attacks are as serious as their endpoint-focused counterparts. And with the heightened risk of user engagement, it’s absolutely necessary that users be enrolled in new-school security awareness training to educate them on the kinds of attacks and social engineering being used, how to spot it, and how to ensure they don’t participate by engaging with the malicious content.

Protecting your employees from attacks like smishing is one reason that Inacom offers Security Awareness Training from KnowBe4 as a part of our cybersecurity offerings.  KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Train your Users to Recognize Smishing Attacks with Inacom

If you’d like to learn more about KnowBe4, receive a Baseline Security Awareness report, or save money on a KnowBe4 subscription for your organization, give us a call at 410.543.8200 today.