Pub. 18 2023-2024 Issue 6

TECH TALK Smishing Text Messaging Gone Rogue Shane Daniel, Information Security Consultant, Team Lead SBS CyberSecurity A Familiar Scenario A customer service representative at a community bank answers an incoming call. The caller claims they received a text message about their account from the bank, but states they aren’t a customer of the bank. The caller is confused and demands to know how the bank got their number and why the bank is sending unsolicited texts to their personal cell phone. In reality, the bank didn’t send a text message to the caller. Criminals can obtain active cell phone lists for a particular area, then pose as a local business to indiscriminately send thousands of messages to every number on the list. The plan is to cast a wide net, hoping to snare as many victims as possible. The recipients and the impersonated organization are unfortunate victims of a growing criminal threat known as smishing (SMS phishing). What is Smishing? Smishing is a social engineering attack in which malicious text messages are sent to unsuspecting victims. The messages impersonate legitimate sources and entice targets to divulge personal information or unknowingly install malicious software on mobile devices. Over 300 million smartphone users across the U.S. send roughly 2 TRILLION text messages each year. However, smishing is still a relatively new attack method in comparison to phishing. With a lack of awareness and the sheer number of targets, it’s no surprise attackers are turning to smishing. Continued on page 26 24 NEBRASKA BANKER

RkJQdWJsaXNoZXIy MTg3NDExNQ==