These days, it seems as though we're never really safe from the scope of a cyber criminal. Whether we're banking, online shopping or even just looking at our emails, the risk of becoming a victim of fraud is higher than many of us think. But if you thought these techniques couldn't get any more sophisticated - take a look at 'smishing'.
Smishing is short for “SMS phishing”. Similar to our computers, our mobile phones can be a target for hackers looking to steal information. Texting is one of the most common features used on mobiles. There are billions upon billions of text messages sent and received across the globe every day, and a growing number of these messages are now spam, phishing, or other malicious attacks.
What is smishing?
Many of us assume that mobile phones are safe. Whether we're sending a quick text or browsing through social media, it's hard to imagine that the security threats we encounter on our PCs and laptops can be transferred into the palms of our hands - but that's exactly what smishing does.
Like email phishing, a smishing attack attempts to either trick us into downloading a harmful virus onto our mobile phones or trick us into giving up our personal data. With the use of Short Message Service (SMS) systems, the attack comes in the form of a legitimate-looking text message. This type of attack has been around for well over five years, but it's only recently that smishing has truly started to strike fear in the eyes of the security minded.
What do smishing messages look like?
Did you know that over 90% of text messages are opened inside 15 minutes of being received? This is the main reason why so many smishing attempts are successful - cyber criminals prey on this rapid responsiveness. The messages often contain a level of urgency to encourage you to act quickly. They may be offering you something for free (“The first 15 responses win a £100 Amazon voucher") or they might advertise an unmissable discount that is only available if you “ACT NOW!”.
Much like the most common types phishing attacks, smishing messages may also urge you to reply immediately to stop something bad from happening. For example, the message might appear to be from your bank, telling you that your credit has been compromised and you need to verify your account straight away using a web link (which will actually direct you to a phishing website that aims to steal your personal data).
Who are the main targets?
A main target of smishing has so far been banking customers, although there are many other types of victims, where as phishing has a much wider target of victims. Messages often aim to trick customers into thinking they are being contacted by their bank, and then steal information that should be kept secure.
Santander customers have especially been in the news recently, where some have been scammed out thousands of pounds. One customer narrowly avoided becoming a victim of smishing after she received a text message saying her Santander account had been blocked. The text, which appeared in a message thread in which she had previously received genuine Santander messages, directed her to click on a link to reactivate her account.
How can you protect yourself from SMS phishing scams?
Like any cyber attack, vigilance is the key to protecting yourself:
Be alert to the fact that any texts claiming to be your bank might not be genuine.
Never give away any private or financial information by text.
Avoid clicking any links sent from unknown senders - and even if it seems to be from someone in your address book, if it looks iffy, trust your instincts.
Think carefully before replying to any unexpected text that urges for a quick response – this is often a scare tactic.
If your phone has the capability, block the number to prevent further messages.
Never call the number of an unknown texter.