"Smishing" Attacks Seen Focused on Credit Unions
Credit unions were a favorite target of a specialized kind of text-to-phone phishing attacks (often called "smishing") in the first few months of the year, accounting for fully 83% of the individual brands targeted, according to online security specialist Internet Identity (IID).
Overall numbers of smishing attacks against financial institutions dropped dramatically in the first quarter of the year from the previous quarter, the Tacoma, Wash., company said, but remained the same against credit unions, at about 40 individual cases at one of the top three cell phone carriers alone.
Smishing attacks involve sending a text message, usually in a random pattern against a set of area codes, designed to trick recipients into calling a provided phone number and then to give up personal information such as account credentials and social security numbers.
IID said in its just released Phishing Trends Report: First Quarter 2010 that while the number of credit unions targeted held steady, attacks per credit union fell significantly, from 3.2 attacks per institution in the fourth quarter of 2009 to 1.5 attacks per credit union in the first quarter of 2010.
This decline suggests that credit unions and their members may have improved at defending against text-based phishing attacks," IID said in its report.
The analysts at IID also found that a toll-free number was provided in only 52% of the attacks in the first quarter, down from 80% in the quarter before, but that 85% of the attacks on credit unions contained a toll-free number, compared with 24% of the generic, non-branded attacks and those against banks.
"One possible explanation for the high percentage of CU attacks using toll-free numbers is that CU members are far more likely than bank customers to be suspicious of numbers with unfamiliar area codes claiming to represent their institution," the IID report said.