Smishing is a short term for SMS phishing, a variant of phishing email scams that instead utilizes SMS systems to send out bogus text messages. It is the act of using mobile phone text messages to lure victims into immediate action such as downloading mobile malware, visiting a malicious website or calling a fraudulent phone number. The two most common trigger emotions smishing is trying to activate are fear and greed. We often see fear or greed based terminology such as ‘fraudulent account activity detected’ or by offering some type of award or discount. Often the messages attempt to alarm the potential victim, claiming that urgent action is needed or serious consequences will result – this can be a tell-tale sign that the message you received is not a bona fida communication.
Smishing can also be used to infect users’ phones and related networks with destructive viruses or eavesdropping software.
Many of us keep our personal information, like banking details, stored in our mobile phones. Scammers can access this information through scams such as smishing. While most people are aware of phishing, people generally seem to be less skeptical receiving a smishing message. Scammers are continually becoming more creative in their efforts, while most people won’t fall for a “we need your bank account password” email, smishing seems somewhat less threatening. With a 98% open rate of all text messages, it is no surprise that many smish attempts are successful – criminals tend to go where the opportunities are greatest.
Smishing may lead the user to a fake website which will ask the user to complete a form with personal details, no credible business would ever ask you to do this – this is a massive warning sign to any user!
In conversation with Stephen Burke, CEO of www.cyberriskaware.com, a world leading online security training company said ‘95% of all security incidents are caused by human error.’.
Below are a number of tips from Stephen
- Be very wary of unsolicited text messages that claim to come from a reputable organisation.
- Be suspicious of text messages that encourage you to urgently visit a website or call a number to verify or update your details.
- Do not reply to text messages that request your personal information such as username or bank account without first independently validating that they are genuine.
- Never respond to text messages which request your 4 digit PIN or online banking password or any other password.
- Be cautious about clicking on any links that may be embedded or calling the number in a text message.
We hope you found this blog helpful.