SMS PHISHING TRAINING

SMS phishing

Train your employees to recognize smishing

Smishing or SMS phishing is a form of cybercrime where someone approaches you via text messages. The goal of SMS phishing is the same as phishing: to obtain information. That information is then misused to further infiltrate your organization.

For example, a fraudster poses as a colleague from the IT department in an attempt to infiltrate the network, or as someone from HR looking for the last piece of information to make his move. Thanks to our training, you can prepare your employees on how to recognize smishing and help prevent security incidents – practically, effectively and cost-efficiently.

What is Smishing?

E-mail is by no means the only channel that lends itself to phishing. Internet criminals also know how to find you via text message. We call this smishing or ‘SMS phishing’ and,  just like we have done for phishing, we have developed a specific separate training course on this topic. We see that this form of fraud is becoming more and more popular, because your employees can also be asked to provide information such as login data and bank details via text message.

There are a lot of risks tied to smishing, especially now working from home has become the norm and it’s more common to be approached via text in a business related manner.  Work and private life have become even more intertwined. In addition, there is no technology or IT-support to prevent smishing and protect against it. After all, no matter how secure your network or systems are, no firewall can stop an attack if they log in after getten information via text message phishing. , Therefore, raising awareness –especially on the risks of smishing – is crucial for any organization.

What are the risks of smishing?

One of the biggest risks of smishing is the fact that the recipient often thinks the sender is a trusted source. It’s child’s play for malicious parties to manipulate the sender’s details: using spoofing, they send the message from what looks like the phone number of a colleague or supervisor. Also, mobile users generally respond much faster to text messages than to emails; almost 90 percent are opened immediately, compared to an opening rate of only 20 percent for email.

In addition, your attention and attentiveness on mobile devices is also different. Thanks to social engineering, fraudsters know who to target, and what to ask. They choose the right tone and know how to gain trust.

Finally, we see in practice that social engineers regularly use various fraud tools (such as phishing and vishing – voice phishing) together. This makes it necessary to increase information awareness and resilience on all fronts. We therefore recommend combining the training courses.

What is the Awareways SMS phishing training?

SMS phishing training is not a generic simulation, but it’s customized to match your organization’s daily practice, work situation and information facilities as closely as possible. Scientific research is used to develop the strategy, with well-known scam principles as a leading source. A sense of urgency is also created among employees to take action and provide information.

How it works

We send a text message to your employees, in line with how a realistic outside attack is deployed. Using spoofing, the sender shown is, for example, a colleague, department head or manager. The message can be sent to the entire organization, or specifically targeted to a high-risk department.

The message includes a link to a landing page, formatted in the organization’s recognizable tone and style. Employees following the link are met with an explanation on the purpose and background of the training. They also receive concise tips and advice for dealing with this type of attack and other forms of phishing, and learn how to report such incidents. The simulation concludes with a report.

The content of the SMS phishing training can be aligned with the learning objectives of other interventions, or deployed as a stand-alone campaign. SMS phishing as an attack strategy is no longer a fictitious idea, but a realistic and high-risk security incident that can also affect your organization, and something which employees must be prepared for. With our team of experts we have developed an effective approach to make any organization resilient against SMS phishing and other forms of digital threats.

AWAREWAYS Cultuurscan

Supporting reports

Employees directly receive intensive training, customized and set to each individual level. In addition, it provides valuable learning material for the entire organization. After this intervention, you also get an insightful report of the results.

This report is also customized for your organization, where we discuss the results and you get a complete overview of the learning points. 

We’ve all seen studies naming the number of cyber fraud cases or certain success rates, but if reports and research actually are focussed on your organization specifically, that’s when real impact is made.

AWAREWAYS

Euclideslaan 141 3584 BR Utrecht
+31 (0)30 227 14 67
info@awareways.com

Contactformulier