This the season for shopping, and with it comes a surge of deceptive “missed delivery” smishing messages aiming to pilfer our finances, data, and identities. On a positive note, Proofpoint data indicates a slowdown in smishing growth over the past 18 months in various regions, signifying its transition into a persistent threat rather than an escalating one.
Nonetheless, the danger persists. Recent research reveals that 66% of UAE organizations encountered at least one smishing attempt in 2022. Moreover, these attacks are evolving, becoming more specialized and cunning.
A notable development is the rise of conversational attacks on mobile platforms, with a global increase of 318% in the past year. These tactics involve attackers sending multiple messages, mimicking authentic engagement patterns to establish trust. Impersonation has become a prevalent trend, where attackers pose as someone known to the victim, such as a family member or business associate, significantly increasing the likelihood of the victim falling for the ruse.
One common impersonation tactic involves claiming to be a child with a lost or broken phone—a classic example of social engineering exploiting parental anxiety. This often leads to convincing the victim to switch to platforms like WhatsApp before requesting a money transfer, with amounts ranging from small to substantial.
As economic uncertainties persist, recruitment scams have migrated from email to mobile. After an initial SMS approach, attackers aim to continue interactions on messaging services, potentially leading victims into advanced-fee fraud, personal data theft, or unwitting involvement in money laundering for criminal groups.
While the growth in smishing may have slowed, its ubiquity has increased alongside heightened sophistication. The risk to users and the mobile ecosystem remains severe, particularly as our phones continue to play a central role in professional, financial, and personal spheres.
In the UAE, a Proofpoint study found that 35% of surveyed employees received suspicious text messages, underscoring the widespread nature of these threats. Alarmingly, 37% of employees in the UAE are unfamiliar with the term ‘smishing,’ highlighting a critical awareness gap.
Given the diverse and targeted nature of scams, falling victim to an attack can incur significant costs. To combat this, it is crucial to stay vigilant, report suspicious content using Android and iOS reporting features, and raise awareness to fortify defenses against the ever-evolving landscape of mobile-based cyber threats.
