Last week, Ziff Davis published a brief piece "Smishing: An Emerging Remote Security Threat". The article says:
"As many of us are acutely aware, "phishing" is a type of attack involving spam and other malware from fraudsters pretending to be legitimate businesses such as banks. After being lured to fake Web sites, victims are conned into providing personal information such as bank account and credit card numbers which criminals can then abuse for purposes of identity theft."
"Vishing, in contrast, revolves around spam that tells users to make a phone call to a toll-free number, in order to correct some sort of purported problem with their accounts. If you dial the specified number, an automated voice system asks you to tap in your account numbers and PIN on the phone keypad. This info is then captured by the scam artists."
"Smishing is a simpler approach in which cell phones and other mobile devices are used as the delivery mechanism. Recipients receive SMS messages with fraudulent messages, sometimes telling them, for example, that they've signed up for some service they've probably never even heard of, and that they will be charged for the service unless they go to a specified URL to cancel the order they've never placed. When smishing victims visit that Web site, they are directed to download a program which then turns out to be a Trojan horse, thereby enabling remote access to their devices by cybercriminals or other hackers."
This type of attack was blogged by Symantec last July.
I think that this type of attack will become very common over the next one to two years as mobile phone use in the US increases. It's simply yet another attack vector for criminals to gain access to your authentication mechanisms, your identity information and your credit card info.
Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
del.icio.us