January 7, 2025

Cyber Security update – January

Smishing

In this month’s update we will focus on smishing, a cyber-attack that targets you using text (SMS) messages. We all use mobile devices for business and personal reasons, so we are all at risk from this type of attack.

Most smishing attacks work like email phishing and come in many elaborate forms. Some examples are below:

  • Account Verification Scams: You receive a text message claiming to be from a reputable company or service provider, such as a bank or a shipping carrier. The message typically warns about unauthorised activity or asks you to verify account details. When you click the provided link, you’re directed to a fake login page, where credentials can be stolen.
  • Prize or Lottery Scams: You are informed that you’ve won a prize, lottery, or sweepstakes. To claim your prize, you must provide personal details, pay a small fee, or click on a malicious link. The goal is either to steal sensitive information or money.
  • Tech Support Scams: You receive a message warning about a problem with your device or account with a request to contact a tech support number. Calling this number can lead to charges, or the “technician” may request remote access to the device, leading to potential data theft.
  • Bank Fraud Alerts: These messages appear to come from your bank, warning about unauthorised transactions or suspicious activities. You are then prompted to click on a link to verify the transactions or call a number, both controlled by the attacker.
  • Tax Scams: Many people receive messages claiming to be from tax agencies such as HMRC. These messages often promise tax refunds or threaten penalties for supposedly unpaid taxes, urging you to provide personal or financial details.
  • Service Cancellation: The attacker warns you that a subscription or service (like a streaming service or software subscription) is about to be cancelled due to a payment issue. You’re urged to click on a link to “resolve” the issue, which usually leads to a phishing page.
  • Malicious App Downloads: You receive a message promoting a useful or entertaining app. Clicking on the download link leads to installing malicious software on your device.

Here are some things you can do to prevent smishing attacks:

  1. Anything that demands you act quickly or with a sense of urgency should be questioned.
  2. Never click on links embedded inside text messages.
  3. Check the number that sends a message asking for information or to click a link inside it. If it looks suspicious, it is possibly a smishing attack.
  4. Never keep your banking or credit card information on your phone. Malware can be used to access it.
  5. If you do not know who is texting you, do not reply to the message or click anything inside it.
  6. Do not respond to requests to change or update account information via text message.

Reporting Suspicious Texts

Most phone providers are part of a scheme that allows customers to report suspicious text messages for free by forwarding them to 7726. If you forward a text to 7726, your provider can investigate the origin of the text and arrange to block or ban the sender if it’s found to be malicious.

Android
  1. Take a note of the number that sent you the message.
  2. Enter the conversation then press and hold on the message bubble.
  3. Tap on the three vertical dots on the top right of your screen.
  4. Tap Forward.
  5. Input 7726 and send.

iPhone
  1. Take a note of the number that sent you the message.
  2. Press and hold on the message bubble.
  3. Tap More.
  4. Select the message or messages you want to forward.
  5. Tap the arrow on the bottom right of your screen.
  6. Input 7726 and send.

Cyber Security Training

January’s training will focus on SMS attacks, and by the end you’ll have learned how hackers use smishing scams. The module will take no longer than 10 minutes to complete; please complete it within two weeks.

Reminder emails will be sent from KnowBe4 to those who still have outstanding training. Please check the Junk Email folder; you can log in to your training dashboard at https://eu.knowbe4.com/ui/login.

Reporting Suspicious Emails

We all have a responsibility to be “Human Firewalls” against Cyber Security threats. Following the above advice and taking regular training will help us protect the business.

If you receive any suspicious emails, please report them via the Phishing button. Also, if you accidentally open an attachment or link and are then concerned that it may be malicious, please contact the ICT Helpdesk.