[Heads-up] Cybercriminals Are Moving To Mobile Phishing for Gift Cards Scams



bec-mobile-email-image

Scammers are shifting to SMS to carry out business email compromise (BEC) attacks, since text messaging offers less visibility to the victim and more flexibility to the attacker, says James Linton at Agari.

BEC attacks have traditionally centered around email exchanges, although phone calls and text messages can play a role. Agari has observed a recent trend, however, in which attackers send an initial email requesting the victim’s phone number, and the rest of the scam takes place via text message.

“By moving them over to their cell phone, the scammer is equipping their victim with all the functionality needed to complete the task that is to be given to them,” writes Linton. “A mobile device offers instant and direct messaging, the ability (in most cases) to still access email, the ability to take pictures with the phone’s camera, and far greater portability than a laptop, which all increases the chances that the scammer will be successful in achieving their desired outcome once a victim is on the hook.”

As an example, Linton points to a scammer group tracked by Agari that impersonates the targeted organization’s CEO, and then attempts to trick an employee of that organization into buying gift cards and sending photos of the codes to the attacker.

“In a mobile BEC scam, the actor has the ability to play a greater role in guiding the victim throughout the entire gift card buying process,” he says. “SMS is more conversational in nature than email, which mitigates potential stumbling blocks in the completion of the task.”

While SMS-based phishing, or smishing, is nothing new, attackers are increasingly starting to see the advantages of SMS for more elaborate scams. And think about your policies, too. If your C-suite is in the habit of having employees make large-scale purchases of gift cards on the company dime, maybe you should rethink that. New-school security awareness training can help your employees keep up with the constantly evolving tactics used by attackers.


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-security-test-offer



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews