SMS phishing (AKA “smishing”) involves malicious individuals or syndicates sending fake/fraudulent SMSes to unsuspecting mobile phone owners with the intention of tricking them into following a link or supplying personal data such as ID numbers or online banking login details.
It is becoming increasingly popular, with more and more victims being scammed every day, due to the following:
- SMSes are unauthenticated – Unlike most email software nowadays, your phone lacks the ability to verify that a sender is in fact who they say they are.
- Phone numbers can be spoofed – Hackers can spoof a number fairly easily, which means the number your phone shows as the sender and the actual sender’s number are different.
- URLs are harder to inspect in an SMS – If you’re already email savvy, you’ll regularly hover over a link you receive via email to see where it will take you and whether it is safe, but you can’t do this on your cell phone. URLs are shortened when they’re in an SMS, which makes them harder to check and also makes it easier for hackers to hide malicious code and links.
Common smishing attacks attempt to impersonate banks, service providers and online services such as Google or Facebook. Always be suspicious of any corporation attempting to gather personal information via SMS.
Another scam involves fraudsters promising free money. You’ll receive an SMS saying a death has occurred and money has been left to you, or that you have won a prize. Delete these messages immediately if you get them.
Four ways to protect yourself
- Be aware: Ensure that you complete regular cybersecurity awareness training. This will provide you with the knowledge to identify and avoid smishing attempts.
- When in doubt, chicken out: If you suspect an SMS may be malicious or doubt its legitimacy, ignore it. You have to act on a smishing attempt for it to work, so avoiding it will eliminate the risk.
- Do not call or react to unknown phone numbers: Hackers could entice you with an SMS telling you to call a number to resolve an issue or unsubscribe. Once you’ve reacted, the hacker saves your number, and you can definitely expect to receive more smishes.
- Never give out your cell number publicly: Hackers operate on personal information. More often than not, if you give away information like your phone number publicly, it ends up in the wrong hands. To prevent this, avoid sharing your number where it can be seen by anyone, especially online, for example on social media platforms.