I don’t know about you, but the number of no-hook phishing messages arriving via SMS or WhatsApp has gone ballistic of late. I know what your immediate response to this will probably be: what the hell is a no-hook phishing message? Yeah, good point, well made. Let me enlighten you.
First, think about how most phishing lures work. You get a message (the platform it’s delivered on is for the most part irrelevant) that appears to be from a trusted source. That could be your bank, a business you have dealings with, a brand you recognise offering you a deal of some kind, or even just someone you know. That is the lure; the hook is the link you are asked to click on or the number you should call.
No-hook phishing throws away this con-artist 101 rule book and uses a script that’s been around for the longest time. I can recall these things from 20 years ago but they’ve recently made a comeback. Not only is there no hook by way of link, but the lure isn’t from a trusted source. Quite the opposite in fact.
A no-hook phishing