Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.


333 West San Carlos Street
San Jose, California 95110
United States


ChannelPro Network Awards

hello 2
hello 3


July 8, 2021 |

Phishing + SMS = Smishing

“Smishing”” attacks are hard for most businesses to identify and prevent. Here are some pointers for mitigating the threat.

NOT CONTENT to rely on email, cybercriminals are increasingly embedding phishing lures in text messages in a technique dubbed “”smishing.”” Smishing is particularly effective because people tend to click on text links frequently and impulsively, and unlike the misspellings and Nigerian princes that populate phishing emails, the brevity of texts mitigates those red flags.

Typically a smishing message conveys a sense of urgency, such as “”Your account has been compromised,”” or “”Your password has changed,”” explains Joseph Neumann, cyber executive adviser at Coalfire, a cybersecurity firm in Westminster, Colo. “The attacker attempts to get you to click on an embedded link to visit the site, and possibly download malicious content or enter credentials,” he says.

Joseph Neumann

Scammers may also effectively spoof messages from well-known companies and direct recipients to legitimate-looking sites, turning smishing into social engineering on steroids.

It’s on the rise too, according to Lawrence Cruciana, president of Corporate Information Technologies, a provider of cybersecurity services to SMBs in Charlotte, N.C. Anecdotally, Neumann agrees. “I currently receive two to three of these types of text a week, offering mortgage refinancing or account resets,” he says.

Attackers don’t just target individual users. According to the 2021 State of the Phish report from security company Proofpoint, 81% of U.S. organizations faced smishing attacks last year. “More commonly, smishing is part of a blended attack that is actually targeted into smaller organizations because they are easier prey,” Neumann says.

Lack of awareness is a top reason smishing is successful, Cruciana says. While many MSPs have done a good job with educating their clients about phishing, little attention has been paid to smishing. Thus, education will go a long way toward mitigating risks.

“Users should protect themselves by simply deleting and ignoring these messages,” says Neumann. “Never click on a link provided!” Other best practices include logging out of websites, closing browsers when not in use, keeping operating systems updated, and upgrading phones to the latest version possible. 

Cruciana also recommends that companies clearly outline the conditions under which employees can use mobile devices to access corporate data and deploy mobile endpoint management software. “As a practice, we deploy a unified endpoint management product for our clients,” he says. “We require the use of encryption, strong pass phrases, and apps that are supported and updated.”

While smishing may be a new twist on an old scam, defending against it requires the same general ingredients: a good portion of commonsense accompanied by a dose of security tools.

Image: iStock

Editor’s Choice

EXCLUSIVE INTERVIEW: Dell’s New Chief Partner Officer Denise Millard Gets Candid on AI

February 23, 2024 |

Dell’s new chief partner officer believes that 2024 is the year that artificial intelligence becomes “real” for businesses and consumers alike.

How to Bridge the Digital Transformation Gap: An Interview with Ciaran Chu of ConnectWise

February 16, 2024 |

Here’s some advice on how MSPs can best get clients “unstuck” from their digital transformation journey.

Jabra Unveils Jabra+ for Admins, but There’s a Lot More Coming for Partners

February 16, 2024 |

Jabra takes first step in it’s journey towards full device management, but it’s only the beginning.

Related News

Growing the MSP

Explore ChannelPro

Reach Our Audience