Mobile Industry, Banks, and NCSC Collaborate To Stop Smishing 

Smishing, also known as text messaging scams, is a technique scammers use to trick people into sharing passwords and account details with fraudsters, or even sending them money. Because of the outbreak of COVID-19, more fake messages are being sent via SMS or other communications platforms, claiming to come from medical networks or governments issuing advice regarding COVID-19. In fact, victims' personally identifiable information (PII) or money is stolen once they click the link. Coronavirus-related scams are estimated to have already cost more than £2 million in recent months. The number of text messaging scams is increasing because scammers know that the government is sending out messages to people, which makes this an opportune time to send texts spoofed to look as though they come from the authorities.

In response, the UK's mobile and banking industries have teamed up with the National Cyber Security Centre (NCSC) to stop smishing. The Mobile Ecosystem Forum (MEF), Mobile UK, and UK Finance, supported by the NCSC, are collaborating on the SMS SenderID Protection Registry, which allows organizations to register and protect the message headers used when sending messages to customers. With this measure, the public should be protected from smishing attacks, with over 400 variants of scams blocked so far, including 70 relating to coronavirus.

LIFARS' Cyber Resiliency Team will simulate a real phishing attack on your organization and, based on the results collected and our in-depth analysis of the company email system (encryption, protocols, filters, etc.), help optimize the system to increase the overall security posture and keep cyber criminals from entering your network. Scenario-based phishing simulation assesses the current level of employee awareness and the strength of your network defenses. Our experts will launch targeted phishing campaigns based on real-world scenarios they have observed, using both common and uncommon methods, including malicious attachments, URLs, and specialized emails, in an attempt to lure your employees. Upon completion of the simulation, a detailed report is produced, complete with gaps and recommendations to elevate your security posture and awareness.

Full-Scope Email Audit: Our team will follow up by conducting an audit of the entire email system to help identify gaps in your security. We will examine email use within your organization for a period of time and, based on the results collected and our own experience, set up filters, whitelists, and blacklists to prevent common and advanced (targeted) email attacks on your organization.

Fine-Tuning Technology: Many businesses have technology in place capable of providing reasonably good email security. We will evaluate and fine-tune your existing technology to provide optimal security for email communication. We ensure that all security controls in place are properly configured and functioning optimally. 

Employee Training: Even with the most advanced technology in place, the human factor should not be underestimated. A well-educated and vigilant workforce plays a crucial role in preventing advanced social engineering attacks, including email attacks. Our Cyber Resiliency Experts will train your employees with real examples from the assessment stage to demonstrate the threat and importance of being prepared.