SMS-phishing has been gaining ground as an easy way to defraud people. Here are some ways to push for safer messaging.

Phishing is the most prevalent technique in cyberattack campaigns, but smishing (SMS phishing) is gaining ground.

Cybercriminals have exploited the outdated Short Message Service and have expanded to similar tricks on other messaging platforms.

Smishing attacks often include fake claims about parcel delivery administration, alerts of disruptions to services or subscriptions, or tempting promotions that urge unsuspecting victims to open malicious URLs included in the message. Of late, a more sophisticated method has involved phishing websites and spoofed websites whose URLs look similar to those of the original official websites.

It is common for threat actors to register websites with domain names similar to legitimate company websites to deceive end-users.

Know their devious tricks

Advanced phishing attacks use homoglyphs and typosquatting techniques to trick users into clicking on malicious links:

  • Homoglyphs: Threat actors use deceptive characters to create spoofed hyperlinks that appear visually indistinguishable from the official URL. The technique exploits the fact that Unicode incorporates multiple writing systems, many of which have similar-looking characters.
  • Typosquatting: Threat actors register misspelt versions of genuine organizations' URLs to trick end-users into divulging sensitive information.

If unaddressed, smishing attacks not only lead to financial losses, but also cause significant damage to the reputation of affected organizations. However, for years, global attempts to tighten control over the sending of mass SMSes with spoofed sender IDs have been feeble at best.

One approach to stop such domain masquerading attacks is to disrupt them midstream when threat actors are still preparing for an attack.

By leveraging deep-learning technologies and cyber threat intelligence, organizations can put measures in place to detect malicious activity before, during and after an attack. This approach allows organizations to proactively disrupt potential smishing attacks before they are launched, putting them ahead of their attackers:

  1. Pre-emptively generating a list of domain names that look similar to legitimate company domains
  2. Monitoring this domain name list for registration changes (an early warning indicator of attacker activities)
  3. Leveraging threat intelligence to identify ongoing campaigns and their related domains
  4. Investigating the domains for logos and visual similarities to legitimate domains as evidence for takedown
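
The lookalike check behind steps 1 and 2 can be sketched as follows. This is an added example, not code from the article or any vendor: it classifies a domain seen in a message as a homoglyph or typosquat of a protected domain. The confusables table, the `max_edits` threshold and all function names are assumptions made for illustration.

```python
import unicodedata

# Constructed, deliberately small confusables table (assumption): Cyrillic and
# Greek look-alikes plus digit swaps. A real deployment needs a fuller list.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
               "\u03bf": "o", "0": "o", "1": "l"}

def to_unicode(domain):
    """Lower-case and decode punycode (xn--) labels so homoglyphs are visible."""
    domain = domain.strip().lower().rstrip(".")
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:  # already Unicode, or not valid punycode
        return domain

def skeleton(domain):
    """Fold visually confusable characters to one ASCII representative."""
    text = unicodedata.normalize("NFKC", to_unicode(domain))
    return "".join(CONFUSABLES.get(ch, ch) for ch in text).replace("rn", "m")

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]

def classify(observed, protected, max_edits=1):
    """Return (verdict, matched_domain) for a domain seen in a message."""
    seen = to_unicode(observed)
    if seen in protected:
        return ("legitimate", seen)
    folded = skeleton(seen)
    for legit in protected:
        if folded == skeleton(legit):
            return ("homoglyph", legit)
        if edit_distance(folded, skeleton(legit)) <= max_edits:
            return ("typosquat", legit)
    return ("unrelated", None)
```

Running `classify` over newly registered domains or over links extracted from reported messages gives the early-warning signal described in step 2; short brand names need a stricter threshold to avoid false positives.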

Another novel approach that has enhanced detection of smishing/phishing attempts leverages image recognition and transformer neural networks.

By integrating this approach into the technology stack, together with up-to-date cyber threat intelligence, organizations can automatically detect and correlate elusive phishing attacks, as well as uncover lookalike domains hidden from the naked eye with greater accuracy and confidence.

(Editor’s note: In Singapore, a full-fledged Anti-Smishing system to replace an obsolete pilot solution will be implemented to identify SMS spoofing of sender IDs and block them outright. The improved version of the SMS SenderID Protection Registry (SSIR) is in response to recent spates of smishing attacks in the country leading to millions of dollars in losses. Other countries should step up legislation to revamp SMS technology and outlaw the inclusion of any clickable links in messages to the public.)