In a smishing simulation, SMS is used as a phishing tool in order to obtain sensitive (company) information. This phishing tactic is available as a service to test and train your company and employees.
Protecting your company from smishing
Do your employees have a company phone? Then it is advisable to set up a smishing simulation. It may sound unusual, but cybersecurity knows no bounds. As technology and communications evolve, hackers follow closely. Smishing is a form of social engineering and plays on the goodness of man.
Smishing is successful precisely because it is unexpected and relatively unknown. In addition, a phone contains a lot of sensitive information and may also be connected to the corporate network. A single moment of inattention can have far-reaching consequences.
Why a smishing simulation?
With employees working from home more often, there is less (direct) contact with colleagues. This means that suspicious situations and other issues are less likely to be discussed. That makes your employees more vulnerable. Also, the scam doesn’t even have to be related to your organization. For example, there was a growth in COVID-related smishing activity during the corona pandemic.
You understand that if your employees’ phones contain corporate information and/or are connected to the corporate network, then a hacked phone is a threat. Our smishing simulation service is designed to make your employees aware of the risks and tactics used in smishing attacks. By training your employees to recognize these threats, you strengthen your first line of defense against cyber attacks.
Variants of smishing
Although smishing is strictly about SMS phishing, this tactic also takes place on other communication applications. Think of Whatsapp, Signal and Telegram. In the Netherlands, for example, a large number of people have been scammed via Whatsapp. The criminal posed as the son or daughter and indicated that they had a new number. In the end, the request was to transfer money for an unpaid account. This scam has worked on a lot of people.
Who is a smishing simulation for?
Nowadays, a smishing simulation is basically for any business. But especially for companies where employees have a company phone, or are connected to the company network.
Get started immediately on informing your employees? Implement a policy that sent links from strangers should not be opened. Even if you think you know the sender, you should be wary. Choose the safe bet and call the person from whom you received the link to verify.
In addition to a smishing simulation, you may also want to opt for a phishing simulation and vishing simulation. Whether or not supplemented with security awareness training.