SMS phishing (smishing) threats aren’t talked about enough. We need to teach and simulate these threats, beyond just phishing threats targeting employees.
E.g., Customers of Rogers (mobile carrier) are being enticed by SMS messages offering compensation for a recent sustained outage.
There are an infinite number of variants on this kind of attack the employees really need to be aware of, from both business and personal contexts. IT teams have so few resources, they only do basic phishing simulations, but they don’t realize the unnecessary hidden costs and risks they are facing when they have this mindset.
Traditional training and simulations don’t have an effective way to teach and assess employees’ ability to spot a wide variety of smishing threats like this one. Phishing training needs to be balanced with education and simulation on the many threats targeting employees, such as:
Photo by Jonas Leupe on Unsplash
For just $325 USD, you can run a 6 week, automated program for gamified phishing awareness training and challenges. (Limited time offer. Normally valued at $999 USD)
Use Promo Code: 6WEEKS
1. Smishing (SMS)
2. Vishing (Voice calls by humans)
3. Robocall Vishing
4. Social media phishing (Facebook and LinkedIn impersonations, etc.)
5. In-person social engineering scenarios
Employees must LEARN and PRACTICE spotting these dangerous threats, in addition to phishing. Traditional phishing simulations don’t effectively address these in any scalable or efficient way.
IT managers should be adopting more economical and effective platforms for engaging employees, to improve their resilience against all threats, including and beyond phishing.
Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.