Word Notes 10.6.20
Ep 18 | 10.6.20

smishing (SMS phishing) (noun)


Rick Howard: The word is smishing.

Rick Howard: Sounds like: Fishing, but starts with an S as in shut down.

Rick Howard: Definition: From the intrusion kill chain model, the delivery of a lure via a text message to a potential victim by pretending to be some trustworthy person or organization in order to trick the victim into revealing sensitive information.

Rick Howard: Example sentence: Security experts say one reason for the increase in smishing is that these days people trust text messages more than phone calls or emails.

Rick Howard: Context: Smishing is a portmanteau word made of two other words, the acronym SMS and the cyber coinage phishing. It's a text-message-centric variation of the email-based phishing scams that have been around since the 1990s. The term smishing arose in the late 2000s. According to CSO magazine, 98% of text messages are read and 45% are responded to. That's much better than email, which comes in at 20% and 6%, respectively. According to Verizon's 2020 mobile security index, 15% of enterprise users encountered a smishing link in Q3 of 2019. Proofpoint's 2020 State of the Phish report indicates that 84% of surveyed organizations faced smishing attacks.

Rick Howard: Nerd reference: In Season 2, Episode 5 of Mr. Robot, Elliot, played by Rami Malek, plans to secretly install a Raspberry Pi inside Evil Corp's backup facility to control the heating system. Raising the temperature high enough in the storage room will render all tape backups unusable. Elliot social engineers his way into the building, but a suspicious employee confronts him. At the moment she decides to escort him out of the building, Elliot's friends from fsociety send her a smishing text that appears to come from her husband and is urgent. She gets distracted and Elliot is able to stay in the building.