Intelligent CIO North America Issue 27 - Page 24

Smishing – A strategy that combines SMS and phishing
Smishing messages are sent by bad actors to get victims to reveal private information, including passwords, identity and financial data. The messages typically include some incentive for the recipient to click a link, which may be for a site that hosts malware or a page that attempts to convince the user to submit data through a form.
Actors have regularly used spoofed sender numbers in the text messages to evade spam filters. However, those messages that are not automatically detected by the mobile provider can be stopped by blocking the sender’s phone number. In response, threat actors continue to evolve their own techniques.
In a well-known version of mobile phone spoofing, a recipient receives a text or phone call from someone who appears to be in the area close to the recipient. Users are hesitant to block local phone numbers for fear it would also block legitimate phone calls and messages.
Spoofing the recipient’s phone number is another advance by actors to overcome spam filtering and blocking and to convince users to click on the embedded links in the messages.
Prevention and mitigation
Smishing messages are a common method for sending phishing links. Infoblox recommends the following precautions for avoiding smishing attacks:
• Always be suspicious of unexpected text messages, especially those that appear to contain financial or delivery correspondence, documents or links.
• Never click URLs in text messages from unknown sources. In the campaign under discussion, the source was the recipient, who did not send the message, and that is a red flag.
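The two spoofing patterns described above (a sender number that looks local, and a sender number equal to the recipient's own) can be turned into a simple triage rule for inbound SMS. The following is an added example, not code from the article or from Infoblox; the function names, verdict labels, the assumption of North American numbering and the sample messages are all constructed for illustration.

```python
import re

# Matches explicit links; deliberately simple for this illustration.
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)

def normalize(number, default_cc="1"):
    """Reduce a phone number to digits, adding an assumed country code."""
    digits = re.sub(r"\D", "", number)
    if len(digits) == 10:  # national format: prepend the assumed country code
        digits = default_cc + digits
    return digits

def classify(sender, recipient, body, contacts=()):
    """Return (verdict, reasons) for one inbound SMS (heuristic, assumed policy)."""
    s, r = normalize(sender), normalize(recipient)
    known = {normalize(c) for c in contacts}
    has_link = bool(URL_RE.search(body))
    self_sent = s == r
    # "Neighbor" spoofing: unknown sender sharing country code, area code and exchange.
    neighbor = (not self_sent and s not in known
                and len(s) == 11 and len(r) == 11 and s[:7] == r[:7])
    reasons = []
    if self_sent:
        reasons.append("sender equals recipient")
    if neighbor:
        reasons.append("unknown sender shares area code and exchange")
    if has_link:
        reasons.append("contains link")
    if self_sent:
        return ("block" if has_link else "review"), reasons
    if neighbor and has_link:
        return "review", reasons
    return "allow", reasons

# Constructed sample messages: (sender, recipient, body)
SAMPLES = [
    ("+1 (555) 010-1234", "555-010-1234", "Your bill is paid. Gift: http://example.test/a"),
    ("555-010-9876", "555-010-1234", "Package held, confirm at www.example.test/track"),
    ("555-010-9876", "555-010-1234", "Running late, see you at 6"),
]

if __name__ == "__main__":
    for sender, recipient, body in SAMPLES:
        verdict, reasons = classify(sender, recipient, body)
        print(f"{verdict:6} {sender:18} {'; '.join(reasons) or '-'}")
```

Number formats are normalized before comparison because the same spoofed number may arrive with or without the country code and punctuation.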
VexTrio DDGA domains spread adware, spyware and scam web forms
Since February 2022, Infoblox’s Threat Intelligence Group (TIG) has been tracking malicious campaigns that use domains generated by a dictionary domain generation algorithm (DDGA) to run scams and spread riskware, spyware, adware, potentially unwanted programs and pornographic content. This attack is widespread and impacts targets across many industries.
VexTrio actors heavily use domains and the DNS protocol to operate their campaigns. The actors leverage vulnerable WordPress websites as attack