What is it, how do attackers use it and how you can avoid becoming a victim
June 5th, 2023Author: Ryan Morrissey
What is SMS Phishing?
SMS phishing (sometimes referred to as smishing) can be explained by breaking down the term into two separate words. SMS stands for “short message service”, which is the technical term for text messaging on phones. Phishing can be described as techniques used by cyberattackers to gain access to your sensitive data, whether it's private information about your life or even bank information.
Why is SMS Phishing Important to Discuss?
There are a multitude of reasons why SMS phishing is important to discuss. One of the biggest reasons is that it's a relatively new form of phishing, so people are less aware of it. It's important to spread awareness of these attacks to prevent anyone from falling for them. This also means that cybercriminals are coming up with new forms of attack through text messaging that have never been dealt with before. While text messaging may seem like a simple process to some, it can be tough for others. It is important to educate the demographic about who is most vulnerable to these attacks so they can be better prepared/protected. Discussion is imperative to extending the reach of awareness about SMS phishing and will better help everyone defend themselves while also preventing fraud.
What are Some Common Techniques Used by Attackers?
There are many techniques you may have already experienced or will experience if you use text messages. A lot of the attacks will be some sort of impersonation, which is the most popular form of phishing. Attackers will usually pick some sort of trusted business or organization that a lot of people use, such as a bank or internet provider, to impersonate, and unfortunately, thousands of targeted users actually send the attackers their bank/sensitive information.
Someone may see the text above and use Bank of America, thinking their account may actually be at risk of being closed. All of a sudden, they click on the link and enter their bank information, and from there, their information has been stolen.
A huge majority of people order things online. There are quite a few attacks relating to the image above in that attackers send out this fake text message knowing someone somewhere ordered a package and will think in order for the package to get delivered they have to click on a link. Once the link is clicked, anything could happen. Always imagine the worst.
The last common technique attackers use is offering the target a reward or win. Attackers may send a text saying the victim won something, whether it be money or some other form of reward. This is dangerous because everybody wishes they could just come across a big sack of gold without having to do anything, but most times you will find any form of this text will just end with you entering your credit card number into a website, whether it's an easily spottable scam site or a spoofed website like mentioned above.
Real Life Example of SMS Phishing
You may have already encountered an SMS phishing scam before, as attackers can send out thousands of messages with the click of a button. Below is a recent example of SMS phishing that has plagued smartphone users.
Spotting and Avoiding SMS Phishing
SMS phishing is a sneaky way for attackers to get your information. It's important to not only be aware but also use techniques of your own to combat SMS phishing. It's important to not take text messaging for granted and realize that if you are not careful, there can be unwanted repercussions.
One technique that you can use is to be skeptical at all times. Verify that the person to whom you are sending messages is the person they say they are. You can never be too sure when it comes to texting. Being skeptical is important because keeping your guard up and double checking will go a long way in protecting your data.
Anything that you might suspect of being illegitimate will probably be a scam. Trust your gut and educate yourself, and you will find yourself well protected.
Again, links can be spoofed, so it's never good to trust a link in a text message because it's probably a scam. If you suspect you are on a spoofed/fake website, simply close the tab, and always make sure to never enter your password or any private information on a website you aren't familiar with. It's a good idea to verify what websites you are accessing, especially through text.
I Got an SMS Phishing Text, What Do I Do?
SMS phishing is becoming more popular, and as using email becomes less frequent, if you have a smartphone, you will probably witness or encounter an SMS phishing scam. If you get an SMS text, don’t engage in any way with the actual text. If you can, the best thing to do is avoid clicking on any links in the text and also not responding to the text. Ignoring/deleting the text and moving on is really all you can do to protect yourself.
SMS phishing is an emerging form of phishing where cybercriminals deploy techniques to trick victims into entering personal information through text messaging. This form of phishing is relatively new and rising at a high rate, so it's important to raise awareness about SMS phishing, including what it is, how it can be prevented, and some methods to defend yourself from falling victim to one of these attacks.