What Is Smishing?
Smishing, also known as SMS phishing, is very similar to phishing, which is a form of social engineering in which an attacker poses as a trustworthy person and sends an email that tries to trick the recipient into opening an infected attachment or clicking on a malicious link. While phishing uses an email, smishing is an attack executed using a text message.
Smishers or smishermen often pose as someone you know or someone authorized to ask for your personal information, such as your bank, another financial institution, tech support staff, or government workers. They usually ask for your personal or financial information (ATM number, account number, or login credentials). With this information, a smisher can easily steal your identity or your money.
RoboKiller estimates that 378,509,197 spam texts are sent every day. If you’re distracted or unaware, it can be easy to fall victim to these attacks.
Be prepared by learning more about smishing and how to spot the signs of a smishing attack!
How Does a Smishing Text Work?
A smisher takes advantage of the fact that smartphone users are often distracted and in a hurry, which means that the user is more likely to click a link or respond without thinking twice. Familiarizing yourself with these attacks and what they commonly look like can help you avoid falling victim to an attack! Here is what a smishing text normally involves:
- Remember that a smisher’s end goal is to steal your personal/sensitive information. Common tactics include a request to reveal your credentials, download malware, or send someone money.
- The first step of a smishing text is to make you feel obligated to take some sort of action, such as providing credentials, sending money to a loved one, “saving” money that is at risk of being stolen, or sharing personal information for legal reasons.
- The text might try to convince you to go to a legitimate-looking site and enter personal information, call a number and provide private information, or click on a link that leads to malware.
- After stealing your personal information, a smisher may use it to take your money, or they may sell the information to someone else who will abuse your credentials.
Common Examples of Smishing Texts
Here are a few common examples of smishing messages:
- A text claiming to be from your bank to warn you that your account has been compromised. There may be a link to click to “remedy” the situation that takes you to a fake website that looks very similar to your real banking website. Once you enter your credentials, the smisher has succeeded.
- A text from someone claiming to be your close friend or relative who needs money.
- A text from someone asking for money for a church or charitable organization.
- A text claiming to be from FedEx or other freight carrier that asks you to set your delivery preferences. The message may contain a malicious link, which can collect critical information from your device once installed.
How Can I Avoid Being Attacked?
One of the most important things you can do to prevent falling victim to a smishing attack is to stay educated and aware. Understanding the different forms of smishing attacks will equip you with the knowledge to spot them. Here are some things you can do to avoid being attacked:
- Be overly cautious of messages that demand you to take quick action.
- You should be very suspicious of any request for money via a text message.
- As a general rule, never click on links inside a text message, especially if it’s from an unknown sender.
- Your bank won’t send you a text message asking you to update your account information, provide your credit card number, or confirm your ATM PIN. Call your bank directly if you are in any doubt.
- If you don’t know the sender, don’t reply to the message or click anything inside the message.
- Don’t keep your banking or credit card information on your phone because malware can be used to access this sensitive information.
- Always question messages sent from an unknown or suspicious-looking number. Messages from a number with only a few digits generally come from an email address, which is a sign of spam.
- Never respond to a request via text message to update account information.
- If in doubt, don’t do anything. The attack can’t be successful if you don’t take the bait by responding, calling, clicking, and providing your information.
Date Posted: 5/11/22
Date Last Updated: 5/11/22
By: RTI Marketing Team