Welcome to our October blog. Cybersecurity Awareness Month in October is recognised as a dedicated month for promoting security and safety and encouraging both public and private sectors to work together to raise cybersecurity awareness. This security blog focuses on the Cybersecurity Awareness Month theme of “Secure Our World”, focusing on actions individuals and businesses can take to protect themselves online, particularly focusing on social engineering. To add detail to the topic, this blog post introduces some of the areas where social engineering plays a significant role. In turn, these areas will be further developed by related GSMA content during Cybersecurity Awareness month, that cover:
- Phishing (including spear phishing)
- Smishing
- Vishing (including ‘deep fakes’ and wider use of AI in social engineering)
Users of mobile technologies are targeted by a variety of actors – whether it be low-level fraud via phishing, smishing, or through social engineering against them or call centres. As our technology becomes more secure, the human is targeted because they are seen as the weakest link. Scams and fraud can take many forms, and some of these exploit mobile devices as an attack channel. These include attacks such as service fraud (e.g. identity fraud or mobile money fraud), mobile spam and, increasingly scams or “social engineering” fraud, which trick victims into revealing sensitive information about themselves and the services they consume, without realising they have compromised their own security. Often, the scammer will attempt to impart a sense of urgency, so that the target rushes to act. This urgency is often a signal that a scam is being attempted.
Phishing is the term used to describe a social engineering practice by fraudsters to imitate legitimate companies or trustworthy sources in unsolicited e-mails to entice people to click on links to malware, share personal identity data and financial account credentials such as online banking passwords and credit-card numbers. Deceptive emails often involve impersonation, where criminals pretend to be a trustworthy entity, such as a bank, government agency, employer or well-known organisation. Highly targeted phishing attacks are aimed at senior executives disguised as a legitimate email (so-called ‘whaling’ attacks) or to target specific individuals such as administrators with high levels of system access (so-called ‘spear phishing’).
Smishing attacks are where malware is attempted to be delivered through website URL links on SMS messages (in a similar fashion to links sent in phishing emails). Phishing-as-a-service platforms give even unskilled fraudsters access to effective website and SMS templates for spoofing localised service providers (postal services, toll free, tax agencies), using single-click deployments and ‘user’-friendly backends.
Vishing attacks are voice calls are used to attempt scams targeting authorised push payments. Social engineering fraud uses manipulation to influence a person to take harmful actions such as divulging personal details or passwords. Scammers that engage with their intended victims typically build rapport and confidence, at times by leveraging publicly available information. Scammers and fraudsters are constantly seeking new opportunities and adapting their scams very quickly and even becoming business-like in their approach. The use of technological advancements, such as Generative Artificial Intelligence (GenAI), not only provides productivity efficiencies for attackers, new automation to increase the volume of attacks, and new attack tools, but they also provide new techniques, such as synthetic identity frauds (‘deep fake’ audio and video).
Cybersecurity Awareness Month’s ‘Secure Our World’ theme emphasises four key behaviours: using strong passwords, enabling multifactor authentication, updating software, and recognising phishing. Look out for more GSMA content to be shared this month that focuses particularly on recognising phishing. Additional information can also be found in the recent GSMA document Fraud and Scams: Staying Safe in the Mobile World, whilst the wider security context can be examined in detail by reading the 2025 GSMA Mobile Telecommunications Security Landscape Report.