There is no doubt that the COVID-19 pandemic opened up a whole new world of opportunities for cybercriminals. People were distracted, they were spending more time on their devices, and ordering items online became an even more common occurrence.
Many people fell victim to scam messages that appeared to be from a well-known delivery company, stating that their package had been delayed and they needed to confirm their details to authorise its release. This type of cyberattack is known as ‘smishing’, or ‘SMS phishing’.
In a smishing attack, cybercriminals attempt to trick the recipient into clicking a link in a text message. The intention is usually to gain access to the victim’s bank account, but they may also be trying to steal personal information such as passwords and email addresses.
Attackers use manipulative social engineering tactics to appeal to people’s emotions, and the messages often carry a sense of urgency that prompts the recipient to reply or click on a link.
The astronomical rise in smishing attacks
Gavin Kelly, CEO of Retail Ireland at Bank of Ireland, reported that there has been a huge spike in smishing attacks since the beginning of the pandemic. He attributed this to fraudsters “recognising an opportunity to target consumers as we spent more time using phones and computers”.
In 2021, Bank of Ireland reported a 184% increase in the number of customers being targeted by cybercriminals. Edel McDermott, Head of Fraud at BOI, warned of the potential financial impact, “with fraudsters attempting to defraud close to five times more money than in the same period in 2020”.
What does a smishing attack look like?
It can be difficult to distinguish between a scam and a legitimate text message since attackers are always finding new ways to prey on people’s hopes and fears.
Some examples include messages like: “Congratulations, you’ve won a million dollars! Click here to claim your prize!” or “Your DHL order is out for delivery. Click here to track its progress”.
Another common form of smishing is a text message that appears to come from your bank, telling you that there’s been a suspicious login attempt on another device, or that your account has been suspended.
If you’re not aware of smishing attacks like this, you might do exactly what the attacker wants you to do: panic and click the link in an attempt to resolve the matter.
Smishing attacks usually fall into one of the following categories:
- An official-looking text message from your bank, alerting you to a temporary block on your account or an unauthorised payment that requires your attention.
- A message that encourages you to visit a website or download an app onto your phone.
- Messages that appear to be from someone you know, like a friend or colleague, urgently asking you to transfer money to their account.
- A message that appears to be from Facebook or Instagram, alerting you to a suspicious login attempt in another country.
If you click the link provided in any of these messages, you’ll usually be prompted to enter personal details such as your bank account number, PIN, email address or password. These details are then instantly shared with the attacker and can be used to blackmail you, spy on you, steal money from your account, steal your identity, or for any number of other fraudulent purposes.
Consequences of smishing
In June 2021, the head of the Garda National Economic Crime Bureau reported that thousands of euros had been stolen in a series of smishing attacks. Over just three days, there were more than one hundred attacks, with the stolen sums of money ranging from €2,500 to €19,500.
The financial repercussions of a successful smishing attack can be severe, and unfortunately, there is no guarantee that the money will be reimbursed.
After approximately €800,000 was stolen from Bank of Ireland customers in a spate of smishing attacks, the bank initially told those affected that they were liable for the losses because they had voluntarily clicked the link and supplied their account details.
Amid public pressure, the bank changed its stance and promised to reimburse those affected by the scam. However, they warned that reimbursements were not guaranteed in the future.
How to avoid falling victim to a smishing attack
In order to safeguard your business against smishing attacks, ensure that you and your employees are aware of the warning signs.
If you receive a message with a request of any kind, take a moment to analyse it before responding. Remember, no credible financial institution will ever ask you to divulge your PIN or account number via text message.
If you receive a message that is malicious in nature, delete it immediately. As long as you don’t click on a link or reply with your details, the message itself will not cause any harm. If you are in any doubt as to the legitimacy of the message, err on the side of caution and check with the supposed sender directly. If they didn’t send it, delete it.
How can Calnet IT help?
If you want to avoid your business becoming another cybercrime statistic in 2022, consider partnering with a professional Managed Services Provider like Calnet IT.
Our cybersecurity services include:
Firewall-as-a-Service (FWaaS)
A firewall is essential in protecting your company’s entire network against cyberattacks. Our managed FWaaS provides a flexible and affordable way to maintain best-in-class firewall protection for your business, as well as ongoing maintenance and regular upgrades.
Cyber Security Awareness Training
To stand the best chance of identifying and responding appropriately to a cyberattack, everyone in your organisation should receive cybersecurity awareness training. Our comprehensive training includes simulated attacks and in-depth reporting to reduce the risk of your business falling victim to a genuine cyberattack.
Network Infrastructure Support and Security
We provide tailor-made infrastructure support services, giving you the peace of mind that your network is being continuously monitored and managed by a team of experts.
Contact Calnet IT today to find out how our proactive, affordable and reliable services can help safeguard your business against cyberattacks in 2022 and beyond.