Cisco Under Scrutiny: Why Isn’t the Tech Giant Offering Network-Based Solutions Against Rising SMS Phishing Threats?
As expected, the SMS phishing messages that have troubled other countries for the past 4 years are now escalating in the US. I received the email below this morning, alerting me to the risks of SMS-based toll scams. This is NOT a sophisticated new problem; it’s similar to the phishing problem we’ve seen with email, social media, apps, and other platforms for decades. The security industry might claim AI worsens the problem, but it doesn’t. AI mainly helps threat actors polish their grammar — nothing more.
Dear FasTrak Customer, Some customers have reported receiving texts notifying them of tolls due and providing a link to one of several fraudulent websites where they can pay. The websites provided are scams and are not related to FasTrak. If you receive such a text, please do not click on the link. FasTrak does not request payment by text with a link to a website. Please conduct your business at www.bayareafastrak.org or call the FasTrak Customer Service Center at 877-BAY-TOLL (877–229–8655). If you have made a payment to one of the fraudulent websites, please consider contacting your bank or credit card company immediately to report the charges.
Sincerely, Bay Area FasTrak Customer Service Center
The telecommunications industry is often unfairly criticized for failing to protect customers from SMS phishing. But it’s not their fault!
The primary responsibility for cyber protection rests with cybersecurity companies like Cisco , Palo Alto Networks , and MetaCert, not with telecom carriers, their partners, or their customers. SMS phishing attacks are increasing because criminals are capitalizing on the lack of security solutions for mobile carriers.
Why isn’t Cisco offering a network-based solution to help carriers shield subscribers from these dangers? Why don’t they offer a solution like Cisco Umbrella? Cisco’s customer data was compromised when their own employees were tricked by an SMS phishing attack that mimicked their security alerts and branded login pages.
Here’s a quote from Cisco’s own website:
During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
If Cisco has industry-leading anti-phishing security, the best anti-phishing training programs, and the best MFA solutions on the market, why can’t they protect their own employees from dangerous links?
The Yanluowang ransomware gang claims they exfiltrated 2.8GB of data that belongs to Cisco and their customers.
In a breach notification letter sent to affected customers more recently, Cisco Duo said that its telephony provider, which it didn’t name, was compromised on April 1 2024. Unidentified threat actors mounted a phishing attack against the third party, through which they stole login credentials for the company’s systems.
Where are you Cisco?
Cisco is aware that SMS is an unprotected channel and they must also believe that the market opportunity is massive if the email security market is anything to go by. Furthermore, Cisco is one of the biggest Telco vendors in the world, and one of the biggest security vendors in the world. Why aren’t they offering a solution to mobile carriers, if only to protect their own networks and customer data from more phishing-led attacks?
What say you, Cisco Security ⁇
