Business cybersecurity is both urgent and important. On the one hand, a company's data is already worth more than most of the raw materials it works with. On the other, the speed at which hackers develop new viruses or new systems to steal information or cause damage is staggering.
This week we are telling you about a new SMS phishing fraud. In the middle of last month, an SMS campaign purporting to come from Correos was detected. The aim was to direct the victim to a fake website. Remember that this technique of impersonating the web page of a company or institution is called phishing. The intention was to steal the credentials, personal details or bank details of the victim who innocently clicked on the link received by SMS. It is a clear case of SMS phishing.
The text of the message looked like this:
Dear customer, your package could not be delivered on 10/11 Because customs fees have not been paid.
SMS Spoofing Indicators
The message contains several indicators that it is fake:
First, it includes a call to action that promises a benefit (receiving a package). Second, if we look at the link, it is a shortened URL that does not correspond to the website it claims to be (in fact, in this case the hackers did not even bother to disguise the URL a little to make it look like Correos).
Finally, if you click on the link (which you should not do), it leads to a website that belongs to a different domain from the official website.
Where the hackers were very skilled, however, is that the message appears in the same thread where similar SMS messages have previously appeared (if we have received any).
The hackers managed to pass themselves off as Correos because they used an SMS sender-spoofing system. There are several websites from which you can send fake SMS messages (whether it is legal to usurp a sender's identity is another matter). For example, Smsgang, Spofbox, or Pranktexts.
These websites present their service as an innocent prank, but several of the options they offer would lead to illegal actions. The systems used by hackers are not as accessible, and allow them to change the FROM field of SMS messages. Thus, the user believes that he or she is receiving a message from a trusted sender.
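The indicators described above can be checked automatically on incoming messages. The following Python is an added example, not code from the original article; the domain map, the shortener list, the pretext phrases and the sample messages are assumptions made for illustration. Because the FROM field can be forged, the sender name is used only to decide which brand is being claimed, and the verdict rests on the link itself.

```python
import re
from urllib.parse import urlsplit

# Assumed, illustrative lists: maintain your own brand/domain map and shortener list.
OFFICIAL_DOMAINS = {"correos": {"correos.es"}}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "cutt.ly", "is.gd"}
PRETEXT = re.compile(r"could not be delivered|customs fees|not been paid|urgent", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def host_matches(host, allowed):
    """True if host is an allowed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def sms_indicators(sender_id, body):
    """Return the sorted spoofing indicators found in one SMS.

    sender_id only selects which brand is being claimed. It is never taken as
    proof of origin, because the FROM field of an SMS can be forged.
    """
    findings = set()
    allowed = OFFICIAL_DOMAINS.get(sender_id.strip().lower(), set())
    if PRETEXT.search(body):
        findings.add("urgency-or-payment-pretext")
    for url in URL_RE.findall(body):
        parts = urlsplit(url.rstrip(".,;)"))
        host = (parts.hostname or "").lower().rstrip(".")
        if parts.scheme.lower() != "https":
            findings.add("no-https")
        if host in SHORTENERS:
            findings.add("shortened-url")
        if allowed and not host_matches(host, allowed):
            findings.add("domain-mismatch")
    return sorted(findings)


# Constructed samples: the real campaign link is not reproduced in the article.
FAKE = ("Correos", "Dear customer, your package could not be delivered on 10/11 "
        "because customs fees have not been paid. http://bit.ly/EXAMPLE")
LOOKALIKE = ("Correos", "Track your parcel: https://correos.es.example.com/t")
GENUINE = ("Correos", "Your parcel is ready. Details: https://www.correos.es/track")

if __name__ == "__main__":
    for sender, text in (FAKE, LOOKALIKE, GENUINE):
        print(sms_indicators(sender, text))
```

The lookalike sample shows why the comparison is made on the end of the hostname: a link that merely begins with the brand's domain still belongs to someone else.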
Business Cybersecurity Recommendations Against Phishing
To counter this type of fraud, we share with you the recommendations of the National Cybersecurity Institute:
- HAVE AN ANTIVIRUS: Always have an antivirus with anti-phishing protection for mail and web pages.
- Keep your systems and antivirus updated, with the signatures up to date and activated.
- BE ALERT: Watch out for social engineering attacks (urgent or flattering messages).
- VERIFY: If you have doubts about the veracity of a message or its origin, contact the sender by other means.
- CHECK THE URLS: Do not click on a URL to enter your information without first hovering over the link to check whether the site you are redirected to is legitimate, and verify that it is secure (https:).
- BEWARE OF SHORTENED URLS: You can’t tell if the destination is legitimate or not. Legitimate sites never use them to ask you for information.
- CAUTION WITH ATTACHMENTS. Be careful when downloading attachments in emails, SMS, messages on WhatsApp or social networks, even if they are from known contacts.
- BEWARE OF DOWNLOADS. When downloading a file, never click on “enable content” unless you trust the source it came from.
- DISTRUST THE UNKNOWN. Do not open SMS messages or emails that come from unknown users or that you have not requested: they must be deleted directly.
We hope that with these recommendations you do not take the bait of a hacker who tries to steal your data. But if it happens to you, do not hesitate: inform your bank or the impersonated entity, and report it as soon as possible.