Compromise-by-Text turns out to be an even better medium for cybercriminals to fool users into becoming victims. A new article from security vendor Asigra demonstrates how and why.
We’ve recently covered the increase in the use of mobile devices as an attack vector by cybercriminals. Researchers at Asigra recently published an article with examples of SMS-based attack tactics, walking through a mobile attack in detail and highlighting why using mobile messaging (SMS) is a great idea for a cybercriminal.
The BEC attack starts out with an email sent to the victim, supposedly from someone higher up in the organization, asking for the victim's personal cell number. This switching of mediums seems to lessen the likelihood of the victim realizing it’s a scam. Then the attack generally turns to either the CEO gift card scam or some kind of fraud activity.
Once provided with the mobile number, the medium switches to text only. This gives the cybercriminal a few advantages:
Users need to be wary of any kind of request supposedly coming from the CEO or anyone else in authority. Proper Security Awareness Training will dictate that any request involving money, banking details, etc. should require a phone call to the requestor. That same training will also educate users on these kinds of scams, empowering them to quickly identify and avoid them. We have dedicated training modules against these types of mobile attacks.