While emails continue to be the primary vector that hackers use to compromise systems, a new technique is emerging that uses the same basic concept but with a twist. Our smartphones have increasingly become juicy targets for hackers as that is where most people forget to add any type of cyber security protection. Think about the apps you might have installed, are any of them for mobile banking, insurance, PayPal, Venmo, or personal investment related? Sure, the apps are secure and hopefully are regularly audited, but what about the mobile phone platform itself?
It doesn’t matter whether you have an Apple or Android device, Smishing is a new attack vector that is gaining popularity with cyber criminals. Smishing is, essentially, a phishing attack on your mobile phone. It is sent via text message, similar to alerts you may receive for packages being delivered. In fact, this past holiday season saw an explosion of these types of attacks, utilizing a FedEx delivery notification. It informed the victim that a package was on is way or had been delivered and asked them to click on a link to verify or delay the delivery. That link was a dropper for a malicious payload.
Zero Day exploits are being discovered for mobile phone platforms every day. It is important to install a quality anti-virus/anti-malware suite on your mobile phone and keep it up to date, as well as verifying suspicious text messages. Remember, it is important to verify the contents of text messages and emails with the sender if they contain links or unusual requests.
Here is a couple of software solutions that can help you protect your phone.