In 2021 SMS phishing (also known as smishing) attacks more than doubled year-on-year, according to Proofpoint. Cyber-criminals looked to compromise devices by using human error.
Proofpoint’s latest annual Human Factor report is based on an analysis of over 49 billion URLs, 2.6 billion emails, 1.9 billion attachments, 28 million cloud accounts, 1.7 billion mobile messages and many other data points.
The security vendor claimed that the increase in smishing could have occurred as a result of changing personal habits. Consumers also using their devices for work has given cyber-criminals the opportunity to target personal and work data. In the UK, 50% of smishing lures were related to fake delivery notifications.
The report also suggests a surge in telephone-based threats, including tech support scams and vishing attempts to distribute malware to users’ devices.
In these cases, the attacks often start with unsolicited emails that pretend to come to from legitimate sources and urge the user to call a helpline. If called the victim is put through to a malicious call centre.
The Proofpoint study urges that organisations should improve their approach to security awareness training, as over 80% of businesses are attacked by a compromised supplier account each month.
The report also found that managers and executives account for nearly half of attacks, out of the 10% of users actually compromised. Likewise, departments, such as HR and finance, are more likely to be targeted because of their handling of sensitive material.
The report stated that “knowing where the highest privilege-based risks exist, whether that is individually or departmentally, is a crucial step in defending any organization from attack.”
“High-privilege users can receive additional training to manage the elevated threat against them. Departments dealing with sensitive or valuable data may benefit from additional layers of security or oversight.”