Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Business Email Compromise (BEC) Attacks Go Mobile Using SMS to Increase Attack Success

    20WaystoBlockMobileAttacks

    Compromise-by-Text turns out to be an even better medium for cybercriminals to fool users into becoming victims. A new article from security vendor Asigra demonstrates how and why.

    We’ve recently covered the increase in the use of mobile devices as an attack vector by cybercriminals. Examples of SMS-based attack tactics were recently covered in an article by researchers at Asigra, where they cover a mobile attack in detail, highlighting why using mobile messaging (SMS) is a great idea for a cybercriminal.

    The BEC attack starts out with an email sent to the victim supposedly from someone higher up in the organization asking them for their personal cell number. This switching of mediums seems to lessen the likelihood of the victim realizing it’s a scam. Then the attack generally turns to either the CEO gift card scam or some kind of fraud activity.

    Once provided with the mobile number, the medium switches to text only. This give the cybercriminal a few advantages:

    • Credibility – if the victim has given out their mobile number, they already believe the other person is the higher up. And since the only identification in the text is a mobile number, there’s no sender address to look at and realize it’s a bogus email.
    • Participation – since texting is a far more interactive medium, the scammer can be actively be involved with the victim. In the case of a gift card scam, the victim can communicate issues like not having the cards requested, etc. and get an immediate response from the scammer.
    • Delivery – in the case of a gift card scam, sending pics of the gift cards is now a simple task, making it easy for the scammer to obtain their payoff.

    Users need to be wary of any kind of requests supposedly coming from the CEO or anyone else of authority. Proper Security Awareness Training will dictate that anytime requests involving money, banking details, etc. should require a phone call to the requestor. That same training will also educate users on these kinds of scams, empowering users to quickly identify and avoid them. We have dedicated training modules against these types of mobile attacks

    Preview the World's Largest Security Awareness Training Library

    Not a customer yet? You can get access to see our full library of security awareness content; you can browse, search by title, category, language or content topics. There are 850+ ways to educate your users with interactive modules, videos, games, posters, newsletters and more. Browse the world's largest library and see it for yourself:

    Start Your Preview

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/training-preview

     

    Return To KnowBe4 Security Blog

    Topics: Security Awareness Training

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews