SMShing Explained

SMShing is a common attack method used in the wild to target companies through text messages sent to staff mobile phones. These messages can be generic or a more focused ‘spear’ type message, depending on how much information the attacker already has.

The sender ID of any SMS can be edited to use a custom name, resulting in an alarming situation where any message can be masked to appear to come from colleagues, managers, company names or network providers. The list of possibilities is endless.

In a real-life SMS attack, the message usually contains a click-through link, which could give those with malicious intent browser and device information, IP addresses and locations. If you are then directed to a portal, passwords can even be obtained. A pop-up box on your mobile can also be included to retrieve your iCloud password.

Very few businesses include SMShing assessments in their testing habits. Doing so would be hugely beneficial to any company wanting to defend against these attacks and to identify vulnerabilities and staff training needs.

How We Can Help

We are the only company in the UK to offer a full SMShing campaign. By combining consultant-managed campaigns with our carrier-level contacts, we can offer you a truly unique service.

Here is what we can provide your company with:

• Bulk text messages – Covering anything from 1 member of staff to 1 million.

• Custom sender ID – We can mask the sender with a custom name or number.

• Full data analytics – Every text message traced, every click and time saved.

• Guide users to reply with information – To click a link or even navigate to a custom login portal that will harvest credentials, right from their mobile phone in seconds.

• Secure data – Your staff data is in good hands every step of the way. We work directly with the nation’s safest SMS centres and have a face-to-face data transfer procedure.

Every assessment is completed with a report detailing all information, including delivery confirmation reports (delivered/pending/failed), times and dates of when text messages were sent and delivered, country locations, a breakdown of technical data and full remediation advice, including recommendations.

This SMShing assessment report can be used within your company to highlight training effectiveness and monitor your company's procedures, giving you the advantage in a real-life attack situation.

Take a look at how we are working to reduce these frauds in our blog Project ‘Sender ID’