The Rise of "Smishing"
Scammers are deploying sophisticated tactics to target consumers on all platforms, including on your very own mobile phone. The rise of ‘smishing’ is sounding alarm bells in the business community. Given its ability to target virtually anyone with a smartphone, SMS phishing attackers are a growing threat to both consumers and the business community.
SMS phishing, also known as ‘smishing’, is on the rise. In December 2021, nearly 470 individuals fell prey to a SMS phishing scam involving one of Singapore’s most established banks, OCBC Bank. At least SGD$8.5 million dollars were lost in these scams, where scammers impersonated the bank in a text message asking them to key in their iBanking account login details. They would only realise they had been scammed once they received notifications informing them of unauthorised transactions charged to their bank accounts.
The fact that even a large and established company such as OCBC Bank could be effectively impersonated by scammers is alarming, to say the least.
The threat of SMS phishing is a very real threat. Not only does it target consumers, it can be an effective weapon against businesses as well. Worryingly, SMS phishing attacks are more difficult to block than email phishing, and business employees are especially vulnerable in the post-COVID-19 era. While it is relatively simple to block email phishing on corporate-owned PCs, more and more employees are using their personal devices to access corporate apps and data.
As compared to PCs, there is no simple nor convenient way to verify the authenticity of URLS on smartphones. As such, corporate apps, data, and online portals can be quite easily hacked into, leaving confidential company data at the hands of malicious parties, and potentially leading to millions of dollars lost for the company. In fact, it’s been reported that more hackers are targeting businesses by using an individual employee’s credentials, where 2021 is noted as the milestone year signaling a move from identity theft to identity fraud.
Moreover, companies may need to compensate for losses suffered by consumers in the event of such attacks; in the recent OCBC Bank phishing attack for instance, all affected customers received ‘full goodwill payouts’ covering the money lost.
There is also the intangible, non-monetary impact. A business which falls victim to such phishing attacks will undoubtedly lose credibility in the eyes of its consumers and supporters; after all, if you fail to even secure your basic online defences, how would I then expect you to store my confidential data and personal information? The loss of credibility can be devastating; and its impact almost immeasurable.
Needless to say, there is an increasingly urgent need to secure our online defences, especially for corporate businesses. The Monetary Authority of Singapore (MAS) reinforces this call for heightened security in its recent statement, issued in January 2022:
MAS expects all financial institutions to have in place robust measures to prevent and detect scams as well as effective incident handling and customer service in the event of a scam.’
It appears that institutions are responding to this call for heightened cyber security. Citibank Singapore, in consultation with the Monetary Authority of Singapore, is employing more stringent measures to bolster the security of digital banking, including phasing out clickable links in emails or text messages sent by 31st January 2022. They are also progressively sending out secure convenient push notifications via the Citi Mobile App for servicing and marketing purposes.
The consequences will be dire should your online security systems prove to be insecure. There is a need to secure your cyber security at all levels, and ensuring that your digital presence is well-protected against any and all hacking attempts.
It is time to take a proactive approach to your firm’s cybersecurity. Invest in your digital defences, and contact us today.
Article by Stephanie C. Heng
(Absolutely free with no hidden cost and future obligation)