SMS phishing: how cloud migration has opened the door to a new cyber-foe

SMS phishing: how cloud migration has opened the door to a new cyber-foe

On the 10-year anniversary of the Shamoon virus attack on Saudi Aramco that downed more than 30,000 workstations, the Middle East Institute observed in a commemorative essay that “[it] began with a phishing attack.” And earlier this year, a phishing campaign impersonated the UAE Ministry of Human Resources in an attempt to defraud job seekers and recruiters. The victims were exposed to BEC (business email compromise) attacks and so-called 419 scams, a term referring to the part of the Nigerian criminal code that deals with advanced-fee fraud. Yes, this is the classic Nigerian Prince scam. It is alive and well and as of 2018, raking in an estimated $700,000 a year in the US alone. Every day, across the Middle East, people and businesses are exposed to phishing campaigns. They are the opening salvo in ransomware and a range of other cyberattacks. So many major incidents start with identity theft; and so much identity theft is done through phishing because the technique is scalable, cheap, and has a track record of success. And the phishing family has a new addition. Through SMS phishing, or “smishing,” even multifactor authentication systems can be compromised. As the region becomes increasingly cloud-resident and employees