Top 5 things you need to know about Smishing

What's smishing and how do you protect yourself and your business from the ramifications of it? Cyber takes a look.

We’ve all heard of phishing, but what about smishing? Smishing is a form of phishing in which someone tries to trick you into giving them your private information via a text or SMS message. It is an emerging and growing threat in the world of online security. More attackers are turning to SMS-based phishing over traditional email phishing because many email programmes, such as Google or Microsoft Outlook, are smart enough to detect phishing emails and label them as spam. This means the average email user doesn’t even notice most phishing attacks. However, anyone can still get a text message and open a bad link.

Cyber takes a look at the top five things you need to know about smishing and how to protect yourself and your business from it. 


05: The potential ramifications of smishing are easy to protect against

You can keep yourself safe from smishing by doing nothing at all. The attack can only do damage if you take the bait. According to Russian cybersecurity business Kaspersky, no financial institution or merchant will send you a text message asking you to update your account information or confirm your ATM card code. If you get a message that seems to be from your bank or a merchant you do business with and it asks you to click on something in the message, it's a fraud. Never click a reply link or phone number in a message you're not sure about. Look for suspicious numbers that don't look like real mobile phone numbers, like "5000". These numbers link to email-to-text services, which are sometimes used by scam artists to avoid providing their actual phone numbers. Don't store your credit card or banking information on your smartphone. If the information isn't there, thieves can't steal it even if they do slip malware onto your phone. Report all smishing attacks to the FCC to try to protect others.


04: Smishing isn’t just a consumer threat, it affects businesses too

Like most cybercriminals, smishers want to steal your personal data, which they can then use to steal your money, and sometimes your company's too. Cybercriminals use two methods to steal this data. They might trick you into downloading malware that installs itself on your phone. This malware might masquerade as a legitimate app, tricking you into typing in confidential information and sending this data to the cybercriminals. Alternatively, the link in the smishing message might take you to a fake site where you're asked to type sensitive personal information that the cybercriminals can use to steal your online ID.

As more and more people use their personal smartphones for work, smishing is becoming a business threat as well as a consumer threat. So it should come as no surprise that, according to Cloudmark, smishing has become the leading form of malicious text message.

03: Bank smishing is one of the most common types of this category of attack.

Bank smishing is often successful for a couple of reasons. One is that many banks have services that text you about suspicious activity on your account. An important thing to keep in mind is that legitimate messages should contain information proving that the bank already knows who you are: they might include the last few digits of your credit card or bank account number, for instance. Vague references to "your account" without any details are often not legitimate. Another reason is that many smishers use SMS spoofing techniques that disguise the phone number that a text message appears to come from. It's relatively easy to send a text message that appears to come from another number, and in fact there are plenty of legitimate reasons to do so. If an attacker uses SMS spoofing to make their smishing texts appear to come from your bank, your phone will automatically group them with any real texts you've already received from that institution, making them seem more legitimate.
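The warning signs described in sections 05 and 03, expressed as a simple triage check. This is an added example, not part of the original article; the regular expressions, the six-digit short-sender threshold and the sample messages are assumptions constructed for illustration.

```python
import re

# Assumed patterns mirroring the article's advice; tune them for real traffic.
LINK_RE = re.compile(r"(https?://|www\.)\S+|\b[\w-]+\.[a-z]{2,}/\S*", re.I)
ASK_RE = re.compile(
    r"\b(update|confirm|verify)\b.*\b(account|card|pin|code|details)\b", re.I)
VAGUE_RE = re.compile(r"\byour (bank )?account\b", re.I)
# "Last few digits" proof, e.g. "card ending 4821" or "account ****4821".
DIGITS_RE = re.compile(r"(ending( in)?|\*{2,}|x{2,})\s*\d{3,4}\b", re.I)


def smishing_signals(sender: str, body: str) -> list[str]:
    """Return the article's warning signs that apply to one SMS."""
    signals = []
    sender = sender.strip()
    # Short numeric senders such as "5000" can front email-to-text services.
    if sender.isdigit() and len(sender) <= 6:
        signals.append("short-sender")
    if LINK_RE.search(body):
        signals.append("link")
    # Banks and merchants do not ask by text for account updates or card codes.
    if ASK_RE.search(body):
        signals.append("asks-for-account-info")
    # A real alert proves the bank knows you; "your account" alone does not.
    if VAGUE_RE.search(body) and not DIGITS_RE.search(body):
        signals.append("vague-account-reference")
    return signals


# Constructed sample messages (not real traffic).
SAMPLES = [
    ("5000", "URGENT: your account is locked. "
             "Confirm your card code at http://example.test/login"),
    ("MyBank", "Unusual activity on card ending 4821. "
               "We will never ask you to click a link."),
    # The sender name can be spoofed, so the body must be judged on its own.
    ("MyBank", "Please verify your account details: www.example.test/secure"),
]


def triage(messages):
    """Map each message index to its signals, keeping only flagged ones."""
    found = {i: smishing_signals(s, b) for i, (s, b) in enumerate(messages)}
    return {i: sig for i, sig in found.items() if sig}


if __name__ == "__main__":
    for index, sigs in triage(SAMPLES).items():
        print(index, SAMPLES[index][0], sigs)
```

The third sample carries the same sender name as the legitimate alert, which is why the check never treats the sender as evidence of authenticity.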


02: Smishing uses elements of social engineering to get you to share your personal information.

Smishers leverage your trust in order to obtain your information. The information a smisher is looking for can be anything from an online password to your internet banking or your credit card information. Once the smisher has that information they can then start applying for new credit in your name. Another tactic is to claim that, unless you click a link and enter your personal information, you will be charged for the use of a service or fined for not doing something you should have, such as renewing your tax or paying for your MOT.


01: Cybercrime aimed at mobile devices is rocketing

Texting is the most common use of smartphones, and research by Experian found that adult mobile users aged 18 to 24 send more than 2,022 texts per month on average (that's 67 per day) and receive 1,831. Just as mobile device usage is growing, so, too, is cybercrime aimed at mobile devices. While Android devices remain the prime target for malware because so many of them are out there, smishing, like SMS itself, works cross-platform. This puts iPhone and iPad users at particular risk because they often feel they are immune to attack.

