HHS issued a report warning hospitals about a growing cyberattack trend known as smishing – a form of phishing in which an attacker uses a compelling text message to trick targeted recipients into clicking a link, which sends the attacker private information or downloads malicious programs to a smartphone.
Many are already aware of the dangers of clicking a link in email messages; fewer people are aware of the dangers of clicking links in text messages. Users are much more trusting of text messages, so smishing is often lucrative to attackers phishing for credentials,
A bad actor can and will look for gaps in authentication processes, such as during and even after hiring, to circumvent identity verification – even utilizing surrogates to help conceal their true identity and nefarious intentions. By using behavioral analytics with acritical intelligence (AI) to continuously monitor the attributes of individuals, organizations can detect fraudulent usage of a user’s device and account. User behavioral analytics include:
• Location: A combination of an IP address, Wi-Fi, GPS, and cellular data can be correlated with the presented identity to check for consistency and to affirm the identity claim.
• Device: Attributes of a user’s device, such as browser language and time zone, etc., can be correlated with the presented identity for consistency and identity affirmation.
• Email: Link analysis can be used to verify when the email has been used prior with the presented identity.
• Phone number: Cross referencing a phone number to the network operator and other dates can reveal identity data to affirm or refute an identity claim. Read more.