How to protect yourself from Smishing

It often seems like digital technology evolves by leaps and bounds on a daily basis. With breakthroughs happening so regularly, today’s digital landscape seems like a wildly different place when you compare it to the norms of just a couple of years ago. 

Not only that, digital device adoption has become more and more widespread, especially smartphone adoption. According to a mobile economy report by GSMA, there are currently 6.5 billion mobile users worldwide, which is equal to 67% of the global population.

All this progress comes with the unfortunate consequence of the advancement of digital scamming techniques. Hackers and fraudsters are continually coming up with new ways to trick people into handing over sensitive information. And with more of the population using mobile, smartphones have become a key part of that.

That’s why we need to talk about Smishing.

What is Smishing?

Smishing is a form of phishing, but instead of attempting to dupe users via email, fraudsters target victims through SMS messages, more commonly known as text messages. Consumers and members of an organization (company employees, for example) are the most frequent targets of smishing. The general aims of these messages are:

  • To steal sensitive data, such as credit card numbers, login credentials, or personal information. 
  • To gain access to organizational accounts.

When malicious actors gain access to such information, smishing victims are at risk of fraud and identity theft. When they gain access to organization accounts, they may divert company funds, spread malware, or cause general chaos, like with the Twitter takeover attack of July 2020.

Like classic Phishing, Smishing can involve very convincing text messages. Typically, they will pretend to be from a business or organization that’s known to the user, or they’ll inform the user that they’ve just won a fabulous prize. These messages typically have a link embedded, which leads to a site that encourages users to hand over some kind of information.

Common examples of Smishing

Here are some examples of common types of Smishing messages so that you know what to look out for:

  • A text declaring you the winner of a contest you don’t remember entering.
  • A request from a store or bank you’re a member of asking you to verify personal information via a link or phone number.
  • Requests for donations (particularly after natural disasters or major global events).
  • Messages with suspicious-looking links or attachments claiming to be from someone vaguely known, like the post office or a distant acquaintance.

While some Smishing types are more convincing than others, you never know what you might open or download in a moment of distraction.

Compared to Phishing, Smishing definitely has the element of surprise. Most of us have gotten used to the idea of spam emails over the years (there’s a reason why the Nigerian prince meme has become so ubiquitous), but we don’t tend to expect this kind of thing from SMS messages. With SMS messages having an open rate of 98%, while emails only have an open rate of 21%, there’s a reason why Smishing scams have increased in recent years.

How to protect yourself

The first step is recognition. Much like with Phishing emails, Smishing messages may seem like the real deal at first, but small details can give them away. Here are four ways to keep yourself safe from SMS scams: 

1. Think about who (allegedly) sent the message

If you’re a consumer, ask yourself if a company usually communicates via SMS. Even if they do, remember that companies will almost never ask you to hand over credit card details or login details over email or text message, so that should be a red flag. 

If someone claiming to be a colleague or member of your organization messages you out of the blue requesting account access information, proceed with caution, especially if you don’t know them personally. Contact them on an alternative platform to ask whether it was they who messaged you. If a message is unexpected and doesn’t seem to make sense in some way, don’t trust it.

2. Examine the number of the sender closely

Think about mobile number conventions. Does it resemble local numbers you’re familiar with? According to Norton, SMS messages sent from “5000” numbers are actually emails that have been sent to your phone.

3. Don’t click on unexpected links or downloads

If it’s from someone you text message often, it’s in all likelihood fine. But exercise caution when it comes to SMS messages that are unexpected, even if they claim to be from an organization you know. Don’t take anything at face value, and go right to the source (like their official website or the app store) for more information.

4. Delete and report

Deleting malicious messages from your phone will ensure that you don’t accidentally click a link or download a file later. If you received a message masquerading as a certain organization, be sure to report it to them so that they can alert their customers, members, or employees.

Wrap Up

When it comes to avoiding being hooked by a Smishing attack, knowing what to look for is the first step. By keeping the tips in this article in mind, spotting suspicious SMS messages should become second nature over time.
