Watch out for Smishing! Here’s How to Stay Safe.

Smishing is SMS Phishing. You receive a text with an urgent and seemingly plausible message. As you engage with the sender, they will attempt to gain personal information or send you a link to a login page for some application you use in order to capture your credentials. Any number of bad things can happen after that, including falling victim to ransomware, having your bank accounts drained, identity theft, blackmail, etc.

This personal problem becomes a business challenge when the victim is an employee who accidentally gives up corporate system credentials or executes a malicious file that infects a device that connects to a corporate network.

A real-world example of this happened to a member of our Amplix team recently. Here’s the scenario:

In Massachusetts, where we are headquartered, there is a week each year when schools are closed, and, typically, families use this time for family vacations. We strive for work-life balance, but we are a fast-growing company that manages critical technology infrastructure for our customers. So we need to remain operational, available, and responsive. 

During this week, a member of management received the following text claiming to be from one of our C-level executives:

“I need you to confirm your current availability. I’m in a meeting, can’t take calls. I have a task, and I need your assistance. Thanks, [C-Level Employee’s Name]”

Even though it didn’t come from a known phone number, it would be easy to make the mistake of engaging with this text while you’re on vacation and juggling your family life with the needs of the business. Luckily, this member of the team was vigilant and considered the following:

  • Have I received a text from this employee before?
  • Is the phone number correct? 
  • Maybe said C-Level employee got a new number?

In actuality:

  • The number wasn’t his
  • It was a St. Louis area code – not MA
  • The language used sounded nothing like this C-Level employee
  • The likelihood they got a new number was very low

Based on all these clues, this person did the smart thing and verified the text by texting our C-Level executive at his known number to confirm.

The instant response was, “No, but thanks for checking”.

Just taking a moment to use critical thinking and send a simple follow-up potentially mitigated a cybersecurity incident. All of the cybersecurity defense products and services in the world can’t protect your business from social engineering attempts like Smishing. But here’s what can:

  • Awareness – employees need to be repeatedly reminded of these types of threats and how critical it is for them to be wary of clicking unknown links, responding to unknown texts, speaking to unknown callers, and divulging critical information like credentials.
  • Training – there are companies like our partner Thrive Networks who can provide training courses on how to identify and respond to these attempts, and vulnerability testing where they attempt to trick employees into falling prey to Phishing, Smishing, and other social engineering. Practice makes perfect.
  • Zero Trust – by architecting your networks with layers of authentication that never assume an attempt to gain access from a “known user” is valid, you can mitigate the damage done by a successful social engineering attempt.

Business moves fast, and technology and user sprawl happens just as fast. The evolution of cybersecurity threats happens even faster. It takes a village to protect your network and data. Amplix can help by bringing together industry leaders in all areas of cybersecurity to guide you toward a safer and more secure future. Talk to us today!
