SMSishing Attacks
Jim Horwath
July 2012
GIAC GSE, GCUX, GCIA, GCIH, GREM, GSEC, GSIP
What is SMSishing?
• SMSishing: Criminal activity similar to phishing, in which SMS messages sent to a mobile phone try to scam users into responding to bogus messages (links/phone numbers/text messages). The SMS messages entice people to divulge personal information.
• Result: After the user responds to the bogus message, charges start accumulating on the user’s cellular bill.
• Why: Most phone contracts do not have clauses in them protecting users from SMSishing scams. The attackers and cellular providers each profit from this scam.
Why Do SMSishing Attacks Work?
• Human Emotion: Fear
  – Fear of losing money
  – Fear of false accusations
  – Fear of harm to friends and loved ones
  – Fear of dark secret revelation
• The Weak Link:
  – Mobile devices lack protections to spot malicious messages
  – People think mobile devices are safe
  – Most recipients do not think twice about clicking on links in text messages
How to Protect Against SMSishing
• Common Sense Approaches
  – Review bank and credit card policies on sending text messages
  – If you receive a message – ask if it sounds too good to be true
  – If you receive a message – ask if it is trying to instill fear in you
  – Use the Text Alias feature of cell providers
  – Enable the “block texts from the Internet” feature if available from your cellular provider
  – Look carefully at the message for mistakes such as spelling and grammar errors
SMSishing Summary
• Criminals will find the easiest and most lucrative way to make money
• Mobile devices are common among all demographics
• Mobile devices are a perfect target for criminals
• Mobile devices lack protection against SMSishing
• Leverage available controls from cellular companies
• Use common sense when sending and receiving texts
• Review cellular contracts for “scam protection” clauses
• Know the policies of the financial companies you use
• Educate family and friends about SMSishing attacks