CYBER SECURITY

leveraging multiple mobile-specific channels — including SMS, email, QR codes, and voice phishing (vishing) — to exploit user behaviors and expand their attack surface.”

And whereas email has always been the primary vulnerability, new attacks are more likely to target you by SMS or messaging app. This shift follows increased nervousness about opening attachments or clicking links in email. It is all made worse by AI advances, which make it even harder to detect a threat on a small screen before tapping.

Not only does SMS carry text-based phishing risks, but it’s also vulnerable to on-device malware hijacking 2FA codes in real time. The U.S. government warns users to stop using SMS codes for 2FA, and in recent days we have seen SMS codes intercepted to hijack Gmail and Outlook accounts. Zimperium highlights “SMS Stealer” malware, which is now “compromising accounts on more than 600 global services.”

The FBI, meanwhile, has warned users to delete all smishing texts given the alarming ramp-up in SMS attacks mimicking brands and local government agencies. As we have seen with recent FBI and police warnings about toll and disaster relief fraud, the ease of masking a sender ID and of using brief text and a shortened link to mask a non-typical URL makes it all too easy to lure a user into clicking.

Zimperium also notes the geographical targeting of mobile attacks, again as seen with fake toll messages focusing on specific cities and states. “Modern mishing campaigns frequently employ geolocation-based redirection at country or even at the city level, allowing for highly targeted attacks. This enables precise targeting of specific regions or organizations, complicates detection by security researchers, increases campaign effectiveness through localization, [and] reduces detection rates.”

Some of this mandates new user training and awareness, and also strict rules on link and attachment handling.

But when it comes to account credentials, there are now multiple reasons to shift from SMS to authentication apps or passkeys. As Microsoft has warned, we only get safer if legacy login methods are removed. So it’s not just a case of providing new ways to secure accounts; the old ways need to be shut down.