What is smishing?
We all use online services such as online shops frequently in our lives. Many of us also like to use our mobile devices to access online shops, follow promising ads or get notifications for certain services. We tend to trust well-known brands for their integrity, and we trust them when they send us notifications. But attackers exploit this trust to threaten mobile security. With the help of SMS notifications, they want to infect mobile devices with malware and steal data. This method of fraud is called “smishing” - a combination of SMS and phishing.
If a mobile device falls prey to a smishing SMS, it can have dire consequences. Most commonly, the data on the device is spied on and sold by the attackers. In the worst case, the mobile device stops working altogether. Especially in work environments this can pose a big risk, since companies are not only obligated to protect the data of their employees and customers, but also need to protect their own data.
Signs a device was threatened with smishing
Smishing SMS often inform the user that a package for them has arrived somewhere and needs to be collected, or that a package will be returned if they don’t collect it soon. Especially for people who shop online often, this sounds quite logical.
In the SMS the reader is prompted to download an app via a link. Often these links look as if they come from well-known and trusted brands like Amazon, DHL, FedEx or UPS.
However - if the link is clicked, malware is automatically downloaded and it will begin to cause harm immediately.
The smishing SMS can look different though - sometimes the user is prompted to click the link in order to access a voicemail. Other times it seems as if the SMS is informing the user about a security update for their mobile device. There are also cases where users get a notification that the mobile device was infected with malware and in order to repair it, they need to download the software hidden behind the link.
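The signs described above can be turned into a simple triage heuristic for reported messages. This is an added example, not code from the original article or from any MDM product; the brand domains, keyword patterns and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: official domains of the brands the article names.
BRAND_DOMAINS = {"amazon": "amazon.com", "dhl": "dhl.com",
                 "fedex": "fedex.com", "ups": "ups.com"}
# Lure themes from the article, as illustrative keyword patterns.
LURES = {
    "package": r"\b(package|parcel|delivery|shipment)\b",
    "voicemail": r"\b(voicemail|voice message)\b",
    "security-update": r"\bsecurity update\b",
    "infected": r"\b(infected|virus|malware)\b",
}
URL_RE = re.compile(r"https?://\S+", re.I)
INSTALL_RE = re.compile(r"\b(download|install)\b|\.apk\b", re.I)

def is_brand_host(host):
    """True if host is an official brand domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS.values())

def triage(sms):
    """Return the reasons an SMS looks like smishing (empty list = none found)."""
    text = sms.lower()
    hosts = [urlsplit(u.rstrip(".,;)")).hostname or "" for u in URL_RE.findall(sms)]
    unknown = [h for h in hosts if not is_brand_host(h)]
    if not unknown:            # no link, or links only to official brand domains
        return []
    reasons = [f"lure:{name}" for name, pat in LURES.items() if re.search(pat, text)]
    if INSTALL_RE.search(sms):
        reasons.append("install-prompt")
    # A brand is named, but the link leads somewhere that brand does not own.
    reasons += [f"brand-mismatch:{b}" for b in BRAND_DOMAINS
                if re.search(rf"\b{b}\b", text)]
    return reasons

# Constructed sample messages (not real traffic); .example hosts are placeholders.
SAMPLES = [
    "DHL: Your package will be returned. Download the tracking app: "
    "http://dhl-tracking.example/app.apk",
    "You have a new voicemail. Listen here: https://vm.example/listen",
    "UPS: your parcel arrives today. Track it: https://www.ups.com/track",
    "Lunch at 12?",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage(sms) or "no indicators", "<-", sms)
```

Keyword heuristics like these only prioritise messages for review; they miss lures worded differently and do not replace the provider-side filtering and MDM controls discussed below.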
For tech-savvy people this might seem like a big pile of irony, but if someone is not aware that these kinds of threats exist, they will most certainly be scared and click the link.
Of course, the network providers know of these problems and they try to counteract them. But as they improve their spam filters, blocklist features and so on, the attackers are also evolving. That means that although security measures on mobile devices are good, the user still needs to be on the lookout.
What can you do if smishing happened and how to prevent it
Wherever there is data, there will be someone who wants to steal this data. Even if you think, “There's not much to steal from me,” remember how often you’ve used applications like PayPal or Klarna via your mobile device, or how often you used the mobile browser to access your favorite sites. All these tracks are traceable on the internet. If an attacker gets hold of logins and so on, it gets quite easy for them to get even more data, going as far as identity theft.
The best way naturally is to prevent this from happening. This is why we have collected some tips for you:
Use an MDM to secure mobile devices:
Of course, as an MDM provider, we strongly advise using an MDM in work environments.
This way, you can block SMS, you can block known scam numbers and you can prevent downloads which are not approved by the organization.
Educate the employees on the dangers of smishing:
We cannot stress enough how important a security guideline for your company is.
It should also contain a guide on how to avoid smishing SMS. Employees must know that they shouldn’t click links from an unknown source and that they should delete these messages directly. Eventually the company can install a third-party provider block.
If the employees use their own devices at work (BYOD), it still might pay off to educate them on this topic.
What can you do if it was successful?
We strongly advise not only to create a mobile device security guideline from the start, but also to create an emergency plan that covers the case when smishing was successful.
Employees need to know what the company will do when a smishing attack is detected and, of course, what they can do. The first step is to disconnect the device from the internet, to prevent it from spreading malware to other devices. The network provider must be informed and they will also set up a third-party blocker.
Next steps include checking the bank account for unjustified payments and, of course, informing the police. (Make sure to take the phone with you as evidence.)
Afterwards the only way to remove the malware is to completely reset the device - which includes the deletion of photos, data and so on.
Successful protection with the help of an MDM
With the MDM, 'violations' can be predefined. These are predefined processes that are automatically activated when there is a special reason. These reasons can be:
- Rooting detection
- Unwanted app installation
- Unwanted app uninstallation
- Deactivation of the device admin
If there is a violation, the admin can set up the following automations:
- Automatic email notification
- Lock device
- Apply custom policy according to your company's wishes
There is also the possibility to implement firewall rules on Samsung devices. This allows individual IPs, IP ranges or domain names to be blocked or allowed.
Alternatively, you can block certain websites and content on iOS devices via an individual content filter or on Android devices via an individual browser configuration.
An MDM can also be used to ensure that no (private) apps can be installed outside the Play Store. This ensures that only tested and officially published apps are installed on the devices.
On business-only devices, the app catalog could also be restricted to the point where only apps specified by the company can be installed.
If these notices come too late and a device is already infected, a full factory reset can be performed remotely using MDM. This deletes all data (including the external memory card) from the device.
The security of mobile devices is a complex interplay of preventive measures, defense against attacks and damage limitation in case something happens. An MDM can support you in this!