Mobile Devices Become Prime Smishing Targets

Mobile Devices Become Prime Smishing Targets

Increasingly, energy company employees are using their mobile phones to complete work. Corporations benefit because the devices improve productivity, but one downside is they become potential entry ways for criminals. Recently, the bad guys have been enticing employees to click on fake hyperlinks and gain access to corporate resources. So, how can utilities tighten up their cybersecurity defenses?

Energy companies invest in mobile devices because they are convenient and intuitive. Criminals understand that not only does everyone have smartphone, but also increasingly, they use them to complete their work. As a result, text messaging channels become an enticing path for criminals.

What is Smishing?

Smishing is the term that describes how the texting ruses function. Criminals buy and sell cell phone number lists on the Dark Web. The bad guys then use automated systems to randomly dial numbers and send messages to individual and corporate smartphones. Smishing is a form of malware that tries to trick employees into clicking on bogus links that are disguised legitimate correspondences, such as emails from coworkers, customers, or suppliers.

Cybercrime is a major business, so the crooks spend a lot of time, money, and effort making their malware look legitimate. In many cases, the trick works. The employee clicks on a link and enters personal information, like their username and password. The criminals then take the information and use it break into energy company networks.

Once inside, the bad guys attack in various ways. They steal credentials, compromise systems, and move around horizontally and vertically within your organization’s technology infrastructure looking for sensitive data that they can sell to other crooks, destroy, or use as ransomware.

How to Guard Against Smishing Attacks?

Recognizing smishing’s potential problems, companies search for ways to thwart the hackers. The challenge is crooks attack the weakest link in the enterprise security chain: the end user. Therefore, the process of closing up potential holes begins with educating users. Many do not know about the problem or understand how technology functions.

Utilities can invest in training programs, so users become aware of the potential problem and understand why they need to take steps to thwart it. They can learn there are steps that they can take to ensure that a hyperlink is legitimate.  

For instance, workers can check the URL. Many times, the crooks use URLs that are close but not identical to legitimate webpages. One example is  https://www.eeia.gov instead of https://www.eia.gov.

Another fix is going directly to the account provider’s login page. Rather than click on a link in text, follow a trusted link that is stored in a place like a Favorites folder.

Criminals work overtime trying to break into energy company networks. Smishing is the latest variation on their malware themes, one that leverages the smartphone’s growing importance among energy companies. Utilities need to recognize the problem and then work with employees to tighten up the security defenses, so the tricks are not effective.