What is Smishing?
Smishing is the latest form of cybercrime. Smishing is similar to phishing, but attackers send text messages instead of emails. Smishing attacks have risen 328% in the last year, yet less than 35% of the population even knows what smishing is.
How Does Smishing Work?
The attacker, the “Smisher,” sends you a message (usually an SMS text) enticing you to click a link or asking you to submit your private data. The attacker may be looking for:
- Online account credentials
- Private info for identity theft
- Financial data to sell
Smishers are experienced cybercriminals who know the most effective ways to trick you. One way is to use your social media accounts to learn information about you and then use that information to make the message appear as though it’s coming from someone you know.
For example, they may approach you pretending to be a representative from your alma mater, a former company you worked at, or a social group you belong to. By conveying a sense of familiarity, the Smisher is more convincing and the message more compelling, which makes you more likely to respond.
Once you click the link, you’re ultimately led to the Smisher’s server, a credential phishing site, or a malware site that compromises your mobile device. The malware can snoop on your device’s data or send sensitive info to the Smisher’s server.
How to Protect Against Smishing Attacks
Smishing messages are only dangerous if you click the link or send the attacker your private data. Like email phishing, protection from smishing depends on your ability to identify an attack and either ignore or report the suspicious message.
Luckily, big tech is also trying to help protect you. Increasingly, if a phone number is often used in scams, the telecom company warns users that a known scam number is calling. They may also stop the message altogether. Basic Android and iOS security features have been implemented to reduce the likelihood of you falling victim to a smishing attack.
Still, even the most robust security controls can’t combat users who hand over their data to Smishers. Here are a few ways to detect smishing and to avoid becoming a victim:
- The message offers quick cash and/or prizes for entering information. Coupon code offerings are also popular.
- Financial institutions will never send a text asking for credentials or transfer of money.
- Never send credit card numbers, ATM PINs, or banking information via text messages.
- Do not respond to a phone number you don’t recognize.
- Messages received from a number with only a few digits probably came from an email address, which could be a scam.
- Avoid storing banking information on a mobile device. Should an attacker install malware on the device, this information may be compromised.
- To protect others, forward the message to your telecom provider so that it can be investigated. The FCC also takes complaints and investigates text message scams.
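The warning signs in the list above can also be checked automatically, for example in a reporting mailbox or an awareness-training exercise. The following Python sketch is an added example, not Proxios code; the keyword lists, the four-digit cut-off for "only a few digits," and the verdict thresholds are assumptions chosen for illustration.

```python
import re

# Assumption: "only a few digits" is treated as 4 or fewer digits.
SHORT_SENDER_MAX_DIGITS = 4
# Assumption: small illustrative keyword lists, not a complete vocabulary.
LINK = re.compile(r"(?:https?://|www\.)\S+", re.I)
LURE = re.compile(r"\b(?:prize|won|winner|cash|reward|coupon)\b", re.I)
SECRET = re.compile(
    r"\b(?:password|pin|login|credentials?|card number|account number)\b", re.I)
REQUEST = re.compile(r"\b(?:enter|reply|send|confirm|verify|submit)\b", re.I)


def digits_only(number):
    """Strip '+', spaces and dashes so numbers compare consistently."""
    return re.sub(r"\D", "", number)


def indicators(sender, body, contacts=()):
    """Return the warning signs from the list above that a message shows."""
    known = {digits_only(c) for c in contacts}
    sender_digits = digits_only(sender)
    found = []
    if len(sender_digits) <= SHORT_SENDER_MAX_DIGITS:
        found.append("short_sender")        # number with only a few digits
    if sender_digits not in known:
        found.append("unknown_sender")      # number you don't recognize
    if LINK.search(body):
        found.append("link")                # link to click
    if LURE.search(body):
        found.append("cash_or_prize_lure")  # quick cash, prizes, coupons
    if REQUEST.search(body) and SECRET.search(body):
        found.append("asks_for_secret")     # asks for credentials or card data
    return found


def triage(sender, body, contacts=()):
    """Two or more signs: suspicious. One: caution. None: ok."""
    found = indicators(sender, body, contacts)
    verdict = "suspicious" if len(found) >= 2 else "caution" if found else "ok"
    return verdict, found


if __name__ == "__main__":
    # Constructed sample message; the sender and URL are made up.
    print(triage("5000", "You won a $500 prize. Enter your card number "
                         "at http://prize-claim.example/win"))
```

A "suspicious" verdict is a prompt to ignore the message and forward it to your telecom provider, not proof of fraud; legitimate senders can trip individual checks.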
How Can We Help?
Proxios can provide Mobile Device Management (MDM) service policies and procedures. We can help create a culture of awareness as well as manage an extensive training program for you.
We have extensive experience and training in data security best practices and our goal is to assist you to establish a level of security that enables you to stand strong against threat actors of all kinds (rather than merely checking the compliance box). It’s our job to stay abreast of all the latest cybercrime tactics so we can keep you informed and protected. We’re 100% committed to your success.