The Federal Communications Commission (FCC) has issued an advisory about a substantial increase in Robotext scams via automated smishing attacks.
These attacks involve unsolicited and automated text messages impersonating entities such as government agencies or familiar businesses.
Verizon’s 2022 Mobile Threat Index reports 45% of organizations have suffered a mobile compromise in 2022. That number increased 50% from 2021, and users using mobile devices in 53% of organizations have access to more sensitive data than a year ago.
It shouldn’t come to any surprise that the FCC has put out an advisory warning about the increased use of robotexting-based phishing scams targeting mobile users, commonly called smishing. The FCC noted that unwanted text messages include false but believable claims about unpaid bills, package delivery snafus, bank account problems, or law enforcement actions.
According to the Federal Trade Commission, Amazon is the most impersonated brand in smishing attacks. Apple, Chase, Bank of America, Citigroup, and Wells Fargo are also common in robotext scams.
Some malicious SMS’s may also contain links aimed at stealing personal information for use in subsequent attacks or sale to other threat actors. Cybercriminals such as FluBot operators also leveraged smishing attacks to spread malware.
Warning signs of malicious robotexts or smishing messages include:
- Unknown numbers
- Misleading information
- Misspellings to avoid blocking/filtering tools
- 10-digit or longer phone numbers
- Mysterious links
- Sales pitches
- Incomplete information
Being proactive is key
Here are some simple steps you can use to combat smishing attacks:
- Avoid responding to unsolicited text messages even with the word “STOP” or “NO.”
- Do not click on any links included in such SMSs. If your contact sends a link via text, confirm that they have not been hacked.
- Avoid sending sensitive information via text messages
- Report texting scam messages to SPAM (7726) and file a complaint with the FCC
- Check for misspellings and text messages from email addresses
- Delete all malicious texts from your phone
- Update your device’s operating system and security apps
Knowledge is power
NTELogic has partnered with KnowBe4, the world’s leading provider of cybersecurity training, to bring organizations like yours a tailored security awareness training platform without the hassles of doing it yourself. Contact us today to learn more or to register for our free phishing test offer.