The widespread adoption of remote working has created many new opportunities for cybercrime and fraud. In particular, law enforcement agencies are reporting a boom in text-based phishing. This type of attack poses a major threat to organisational security, as well as the security of individual employees.
What is text-based phishing?
Phishing is a form of fraud in which a cybercriminal sends messages which appear to come from a trusted source. These messages seek to trick the receiver into providing sensitive information, often bank details.
Until recently, most phishing attacks took place via email. Increasingly, however, phishing attacks are launched via SMS and other messaging services. These attacks take advantage of the fact that smartphone users are used to receiving text notifications from trusted organisations. Because text messages are short and plainly formatted, fake messages are harder to spot than fake emails, which can often be recognised by their poorly-written text and low-quality graphics.
What are the most common frauds?
Cybercriminals use many different approaches to trick their victims, and new frauds are being discovered all the time. However, some frauds are especially widespread, in part because they are especially effective.
The best known is the delivery-alert fraud. In this form of phishing, the victim receives a message which appears to come from a familiar courier service. The message usually reads something like:
“We attempted to deliver your parcel today at 8:32am, but we were unable to do so. To schedule a new delivery please visit: https://info-redelivery-ghgh.com”
When the link is clicked, the victim is taken to a webpage where they’re asked to enter sensitive information. Often, they’re told they need to pay a redelivery fee and asked for bank details to process the transaction.
What are the risks?
Other common text-based frauds include texts which appear to come from an internet or phone provider, texts which appear to come from HMRC, and texts which appear to come from well-known retailers like Amazon.
Financial loss is only the most obvious risk of text-based phishing. Attacks launched at work phones can result in large-scale data theft, with massive reputational damage.
Falling victim to a phishing attack can have long-term psychological consequences for the victim too, including persistent guilt, regret, and loss of confidence.
How can the risks be managed?
While nothing can guarantee safety from text-based phishing, generally people who have been thoroughly informed of the risks are unlikely to fall victim. This makes training the go-to preventative measure for most organizations.
Elearning provides training through a digital interface, which makes it an optimal way to deliver digital security training. It makes use of gamified interactivity, animated video, and other digital resources to replicate the phishing experience and prepare employees for the social engineering techniques they might encounter.
At Real Projects, we’ve developed training courses in text-based phishing and other aspects of remote working digital security, calibrated for employees at every level. We can also help you to adapt your own training materials as elearning courses. To find out more, email us at firstname.lastname@example.org or call us on 01603 273918