Cybercriminals are constantly evolving their tactics to exploit unsuspecting victims, and small and medium-sized enterprises (SMEs) are increasingly a target. One of the most common and deceptive cyber threats is phishing, a technique where attackers impersonate legitimate entities to trick individuals into revealing sensitive information, such as passwords or financial details. Traditionally, phishing attacks occur via email, but that’s not the only method criminals use; another form is smishing.
What is Smishing?
Smishing, or SMS phishing, is a cyber-attack that uses text messages to deceive individuals into divulging business-critical information or downloading malicious software. Attackers typically send messages that appear to be from trusted organisations, such as banks, suppliers, or even government agencies. These messages often create a sense of urgency, prompting the recipient to click on a malicious link or respond with sensitive details.
How Does Smishing Impact SMEs?
For some micro-businesses and SMEs, smishing can pose a significant risk as they will often have limited cyber security resources whilst relying on mobile communications for their business operations. Cybercriminals will craft messages designed to manipulate employees into taking unsafe actions. These messages may:
Claim that the company’s bank account has been compromised and requires immediate action.
Impersonate an HMRC official requesting verification of company details.
Pose as a supplier or client requesting urgent payment via a suspicious link.
If an employee clicks on the link, they may be directed to a fake website that looks authentic, prompting them to enter business credentials. Alternatively, clicking the link may install malware onto the device, allowing attackers to steal company data or gain unauthorised access to your business systems.
Imagine receiving this text message on a company phone:
“URGENT: Your business banking account has been locked due to suspicious activity. Verify your identity immediately by clicking this secure link: [fakebank web address]”
Whether a business owner, manager or an employee, you would likely be worried about potential financial disruption, which may prompt you to click the link, leading to a fake banking login page. Once you have entered your business account credentials, the attacker now has this information and can access and exploit company funds or sensitive data.

How SMEs Can Protect Against Smishing
Following the National Cyber Security Centre (NCSC) guidelines, SMEs should implement the following best practices:
Educate employees on smishing risks. Conduct regular training sessions to help staff recognise smishing (and wider phishing attacks) and report suspicious messages.
Verify messages before taking action. If a text claims to be from a trusted partner, supplier, or bank, verify its authenticity. Don’t respond using the same communication method; instead, go through official communication channels.
Report suspicious messages. Forward smishing texts to 7726 (a free reporting service) to help authorities track and combat scams, or take a screenshot and email it to the NCSC at report@phishing.gov.uk.
Enable multi-factor authentication (MFA). This is a very simple but highly effective method of protecting your business accounts by adding an extra layer of security to prevent unauthorised access.
Keep business devices and software updated. Ensure company-issued devices have the latest security patches and software updates to close vulnerabilities. Ensure that devices are protected with antivirus software.
Stay Vigilant, Stay Secure
Smishing attacks exploit urgency and trust, making busy individuals working in micro-businesses and SMEs particularly vulnerable. By creating a culture of cyber security awareness and implementing protective measures, businesses can safeguard their data, finances, and reputation from cybercriminals. If something feels suspicious, trust your instincts—better safe than scammed!