A client recently asked us: Employees are receiving text messages that claim to be from our CEO and other company executives. What can we do about it?

Background on smishing –

Smishing is a form of phishing that uses text (SMS) messages to trick users into clicking on malicious links, downloading malware, or revealing sensitive information. Smishing attacks have been on the rise, especially during the COVID-19 pandemic, when cybercriminals exploited people's fears and anxieties. According to FTC data, text message scams accounted for $330 million in losses in 2022!

Smishing can have serious consequences for corporations, as it can compromise their data security, reputation, and customer trust. Smishing can also lead to financial losses, regulatory fines, and legal liabilities. Therefore, it is essential for corporations to protect themselves and their employees from smishing threats.

AZAAM’s response –

Microsoft offers a comprehensive suite of solutions that can help corporations prevent, detect, and respond to smishing attacks. Here are some of the ways that Microsoft can help:

- Microsoft Defender for Endpoint: Microsoft Defender for Endpoint on Android and iOS is Microsoft’s mobile threat defense (MTD) solution that provides protection against web-based and other sophisticated attacks. It is designed to protect mobile devices from vulnerabilities and attacks that can compromise sensitive information. Help stop damage before it starts, right in the employee’s hands.

- Microsoft Authenticator: This is a mobile app that provides multi-factor authentication (MFA) for users' online accounts. It can also generate one-time passwords (OTPs) that users can enter instead of their regular passwords when logging in to their accounts. This can prevent smishing attackers who steal users' credentials from accessing their accounts. Microsoft Authenticator also supports passwordless sign-in, which eliminates the need for passwords altogether and reduces the risk of phishing and smishing.

- Microsoft Attack Simulation Training: This is a feature in Microsoft Defender for Office 365 that allows you to run realistic phishing campaigns in your organization. It helps you test your security policies and practices, as well as train your employees to increase their awareness and decrease their susceptibility to attacks. You can choose from different types of social engineering techniques, such as credential harvest, malware attachment, or link in attachment, and customize the payloads, login pages, target users, training content, and launch details of your simulations. You can also view the results and statistics of your simulations and take actions to improve your security posture.

- Microsoft Teams: This platform is more secure and compliant than SMS. Microsoft Teams uses encryption to protect your data in transit and at rest, and offers advanced security and compliance features such as data loss prevention, retention policies, eDiscovery, legal hold, and more. SMS, however, is not encrypted and can be intercepted, spoofed, or compromised by hackers or malicious actors. Internal communication through Teams is a no-brainer, and there are many ways you can communicate with customers through Teams as well.

- Microsoft Purview Compliance Manager: This solution is purpose-built and lets you take advantage of ready-to-use, customizable, and multi-cloud regulatory assessment templates to meet your business requirements and regulatory needs. It helps all organizations address the biggest challenges related to data security and reduce compliance risks with capabilities such as compliance score, control mapping, versioning, and continuous control assessments.

By using these solutions, organizations can enhance their security and resilience against smishing attacks. Microsoft is committed to helping everyone protect themselves from the evolving cyberthreat landscape and to empowering organizations and users to work securely and productively.

