Smishing is becoming one of the most commonly used variants of phishing. This very simple method of phishing is fooling many people daily. Why is it so successful?
Whether you're doing online banking, shopping or just going through your emails, the risk of becoming a victim of fraud is higher than you might think. Phishing techniques are only getting more sophisticated - as exemplified by the phenomenon of smishing.
What is smishing?
Smishing is short for “SMS phishing”. Similar to our computers, our mobile phones can be a target for hackers looking to steal information. There are billions upon billions of text messages sent and received across the globe every day, and a growing number of these messages are now spam, phishing, or other malicious attacks.
Many of us assume that mobile phones are safe. Whether we're sending a quick text or browsing through social media, it's hard to imagine that the security threats we encounter on our PCs and laptops can be transferred into the palms of our hands - but that's exactly what smishing does.
Like email phishing, a smishing attack attempts to either trick us into downloading a harmful virus onto our mobile phones or trick us into giving up our personal data. With the use of Short Message Service (SMS) systems, the attack comes in the form of a legitimate-looking text message. This type of attack has been around for well over five years, but it's only recently that smishing has truly started to strike fear in the eyes of the security minded.
What do smishing messages look like?
Much like the most common types phishing attacks, smishing messages may urge you to reply immediately to stop something bad from happening. For example, the message might appear to be from your bank, telling you that your credit has been compromised and you need to verify your account straight away using a web link (which will actually direct you to a phishing website that aims to steal your personal data).
This is the main reason why so many smishing attempts are successful - cyber criminals prey on this rapid responsiveness. The messages often contain a level of urgency to encourage you to act quickly. They may be offering you something for free (“The first 15 responses win a £100 Amazon voucher") or they might advertise an unmissable discount that is only available if you “ACT NOW!”.
Who are the main targets?
A main target of smishing has so far been banking customers, although there are many other types of victims, where as phishing has a much wider target of victims. Messages often aim to trick customers into thinking they are being contacted by their bank, and then steal information that should be kept secure.
Santander customers have especially been in the news recently, where some have been scammed out thousands of pounds. One customer narrowly avoided becoming a victim of smishing after she received a text message saying her Santander account had been blocked. The text, which appeared in a message thread in which she had previously received genuine Santander messages, directed her to click on a link to reactivate her account.
How can you protect yourself from SMS phishing scams?
One thing to remember about phishing is the attack can only cause damage if you take the bait. They're are a few simple steps you can take to protect yourself from SMS phishing scams.
Like any cyber attack, vigilance is the key to protecting yourself:
Be alert to the fact that any texts claiming to be your bank might not be genuine.
Never give away any private or financial information by text.
Avoid clicking any links sent from unknown senders - and even if it seems to be from someone in your address book, if it looks iffy, trust your instincts.
Think carefully before replying to any unexpected text that urges for a quick response – this is often a scare tactic.
If your phone has the capability, block the number to prevent further messages.
Never call the number of an unknown texter.