1 / 5

SMSishing Attacks

SMSishing Attacks. Jim Horwath July 2012 GIAC GSE, GCUX, GCIA, GCIH, GREM, GSEC, GSIP. What is SMSishing?.

symona
Télécharger la présentation

SMSishing Attacks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SMSishing Attacks Jim Horwath July 2012 GIAC GSE, GCUX, GCIA, GCIH, GREM, GSEC, GSIP

  2. What is SMSishing? • SMSishing: Is criminal activity similar to phishing where SMS messages are sent to a mobile phone trying to scam users into responding to bogus messages (links/phone numbers/text messages). The SMS messages entice people to divulge personal information. • Result: After user respondsto the bogus message,charges start accumulating on the user’s cellular bill. • Why: Most phone contracts do not have clauses in them protecting users from SMSishing scams. The attackers and cellular providers each profit from this scam.

  3. Why Do SMSishing Attacks Work? • Human Emotion Fear: • Fear of loosing money • Fear of false accusations • Fear of harm to friends and loved ones • Fear of dark secret revelation • The Weak Link: • Mobile devices lack protections to spot malicious messages • People think mobile devices are safe • Most recipients do not think twice about clicking on links in text messages

  4. How to Protect Against SMSishing • Common Sense Approaches • Review bank and credit card policies on sending text messages • If you receive a message – ask if it sounds too good to be true • If you receive a message – ask if it is trying to instill fear in you • Use Text Alias Feature of cell providers • Enable “block texts from the Internet” feature is available from your cellular provider • Look carefully at the message for mistakes such as spelling and grammar errors

  5. SMSishing Summary • Criminals will find the easiest and most lucrative way to make money • Mobile devices are common among all demographics • Mobile devicesare a perfect target for criminals • Mobile deviceslack protection against SMSishing • Leverage available controls from cellular companies • Use common sense when sending and receiving text • Review cellular contracts for “scam protection” clauses • Know policies of financial companies you use • Educate family and friends to SMSishing attacks

More Related