This special interest group covers mobile technologies and approaches that are helping utilities do business today. 

Post

Mobile Devices Become Prime Smishing Targets

image credit: Photo 242017223 © Stevanovicigor | Dreamstime.com
Paul Korzeniowski's picture
B2B Content producer, Self-employed

Paul is a seasoned (basically old) freelance B2B content producer. Through the years, he has written more than 10,000 items (blogs, news stories, white papers, case studies, press releases and...

  • Member since 2011
  • 1,492 items added with 514,813 views
  • Dec 19, 2022
  • 324 views

Mobile Devices Become Prime Smishing Targets

Increasingly, energy company employees are using their mobile phones to complete work. Corporations benefit because the devices improve productivity, but one downside is they become potential entry ways for criminals. Recently, the bad guys have been enticing employees to click on fake hyperlinks and gain access to corporate resources. So, how can utilities tighten up their cybersecurity defenses?

Energy companies invest in mobile devices because they are convenient and intuitive. Criminals understand that not only does everyone have smartphone, but also increasingly, they use them to complete their work. As a result, text messaging channels become an enticing path for criminals.

What is Smishing?

Smishing is the term that describes how the texting ruses function. Criminals buy and sell cell phone number lists on the Dark Web. The bad guys then use automated systems to randomly dial numbers and send messages to individual and corporate smartphones. Smishing is a form of malware that tries to trick employees into clicking on bogus links that are disguised legitimate correspondences, such as emails from coworkers, customers, or suppliers.

Cybercrime is a major business, so the crooks spend a lot of time, money, and effort making their malware look legitimate. In many cases, the trick works. The employee clicks on a link and enters personal information, like their username and password. The criminals then take the information and use it break into energy company networks.

Once inside, the bad guys attack in various ways. They steal credentials, compromise systems, and move around horizontally and vertically within your organization’s technology infrastructure looking for sensitive data that they can sell to other crooks, destroy, or use as ransomware.

How to Guard Against Smishing Attacks?

Recognizing smishing’s potential problems, companies search for ways to thwart the hackers. The challenge is crooks attack the weakest link in the enterprise security chain: the end user. Therefore, the process of closing up potential holes begins with educating users. Many do not know about the problem or understand how technology functions.

Utilities can invest in training programs, so users become aware of the potential problem and understand why they need to take steps to thwart it. They can learn there are steps that they can take to ensure that a hyperlink is legitimate.  

For instance, workers can check the URL. Many times, the crooks use URLs that are close but not identical to legitimate webpages. One example is  https://www.eeia.gov instead of https://www.eia.gov.

Another fix is going directly to the account provider’s login page. Rather than click on a link in text, follow a trusted link that is stored in a place like a Favorites folder.

Criminals work overtime trying to break into energy company networks. Smishing is the latest variation on their malware themes, one that leverages the smartphone’s growing importance among energy companies. Utilities need to recognize the problem and then work with employees to tighten up the security defenses, so the tricks are not effective.

 

Discussions

No discussions yet. Start a discussion below.

Paul Korzeniowski's picture
Thank Paul for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »