Smishing for mobile banking details increases – RSA

19 Jul 2012

Beware of smishing! The practice of sending a text message to a user’s mobile phone in an attempt to get them to divulge mobile banking details is on the rise, warns IT multinational EMC’s security division RSA.

Smishing, or SMS phishing, usually involves a call to action for the intended victim that requires an immediate response.

“Success rates are higher with a smishing attack compared to ‘phishing’ because consumers are not conditioned to receive  spam on their mobile phones so they are more likely to believe that the communication is legitimate,” said Jason Ward, EMC’s country manager in Ireland.

“While a majority of fraud attempts are still targeted at users in the online channel, as banking services go mobile so are the attacks targeting (mobile) banking customers. Whereas most ‘phishing’ emails are stopped by spam filters, there is no mainstream mechanism for weeding out spam text messages,” he said.

About 3pc of all fraudulent transactions now originate in mobile devices but that number is expected to rise as financial service providers move products and services to the mobile channel.

“Financial institutions have been able to control standard ‘phishing’ attacks, with many banks building partnerships with internet service providers to share intelligence, such as feeds of spam emails. But ‘smishing’ presents a new series of challenges and financial institutions still rely heavily on customers to report suspicious text messages,” Ward said.

EMC also warns mobile banking users about the spread of Trojans which automatically inject extra fields into a log-in page requesting credit card numbers and ATM PIN codes.

“The portable nature of mobile devices brings convenience – but with convenience comes vulnerability and it is important that users are aware of the risks they face as the cyber threat landscape evolves at pace,” said Ward.

Phishing image via Shutterstock

Tina Costanza was a journalist and sub-editor at Silicon Republic