New Security Threat: 'SMiShing'
First, on Tuesday, AT&T said a weekend hacker attack had compromised the personal data -- including credit-card information -- of as many as 19,000 of its customers. The ones most likely affected had purchased DSL equipment through AT&T's online store. AT&T officials discovered the attacks within hours, shut down the online store and notified the relevant credit-card companies, but not before the attackers were able to make off with at least some critical data. "Targeted attacks like this one are much more likely to be successful because the hacker is studying a company's defense, looking for a way in," says Minoo Hamilton, senior security researcher for nCircle, a network security firm, adding that such attacks are likely to increase until companies change their security strategies.
Along with good old-fashioned theft, as of this week, IT users have a new type of threat to worry about: McAfee's Avert Labs released a statement that identifies "SMiShing (phishing via SMS) as the newest data collection tactic. Evidently, some mobile phone users have been receiving SMS messages that say, "We're confirming you've signed up for our dating service. You will be charged $2/day unless you cancel your order: www.smishinglink.com."
Avert Labs researchers say the new attacks are "yet another indicator that cell phones and mobile devices are becoming increasingly used by perpetrators of malware, viruses and scams."