
What is Smishing and How to Protect Against it?

 


Most people who use email somewhat regularly have heard about phishing and may even have some idea how to protect themselves against it (if you don’t, here’s a good reminder on how to protect yourself from an email-based phishing attack).

However, what a lot of folks don’t know is that phishing doesn’t have to come only from email.

Although email is the most popular channel for phishing attacks, phishing can also be done via text messages or SMS (smishing), phone calls (vishing), social network direct messages (angler phishing), hypertexts (HTTPS phishing) and so on.

In this article, we’ll explain one of these phishing methods, smishing: how scammers target users via SMS messages and how best to protect against it.

How Do Criminals Use SMS Messages for Fraud?

One of the biggest dangers of smishing is that not that many people are actually familiar with it.

According to the 2020 State of the Phish report by Proofpoint, less than 35% of the population can define smishing. What’s even worse is that the younger age groups, 18-22 and 23-38, who should normally be more familiar with things like these (since they more often use Android devices) did not fare much better compared to those over 55 years.


On the other hand, there were around 131.2 million Android users in the United States in 2021 and it’s estimated that in 2022 that number will rise to 133.4 million, per Statista.

An average user aged 18-24 receives 1,831 text messages per month, or around 61 per day, according to Experian.

This is exactly what fraudsters are looking for. If you receive 50+ SMS messages every day, how much attention do you really pay to each of them? We often use our mobile devices without thinking, to mindlessly scroll through social media, check email, chat on Viber or WhatsApp and, of course, text others and have others text us.

Phishing Using Text Messages is on the Rise

Scammers are well aware of all of this and smishing attacks have increased by nearly 700% in the first 6 months of 2021 (January-July) compared to the last 6 months of 2020 (July-December).

To make matters worse, encrypted messaging apps like WhatsApp and Signal are not immune to text-stealing malware. According to the EFF (Electronic Frontier Foundation), an international hacking group called “Dark Caracal” has been using phishing links sent through text message, WhatsApp, Messenger and Signal to redirect Android users to download fake updates for these apps and steal their sensitive data.

Do you know how to protect your Android phone or tablet? Here are 15 ways to make it more private and secure.

What are the Most Common Smishing Attacks?

Smishers employ mostly the same tactics as email phishers. Usually, the potential victim is told they need to urgently update their login information, claim a reward, or take some other action on their bank or credit account.

Of course, in doing so, the victim is opening the door for the fraudster to steal their confidential information and more.

Although “smishers” can use any kind of text message for this, there are 4 main types of smishing that you should particularly be aware of:

1) A notification that you’ve won an award and need to claim it

Who doesn’t like to hear that they’ve won something? Especially if they never participated in the lottery but their number just randomly got drawn.

Why, of course I’m going to “respond promptly” with all my sensitive information to something like this:





Of course, this is from an email, but you might receive a similar text message as well, usually with a malicious link that you need to click to “claim” your prize. Before you do that, stop a second to think – did you enter anything?

2) Text messages claiming to be from your bank

Another common type of smishing is a message that supposedly comes from your bank (or any bank; it doesn’t have to be the one you’re a client of).


These messages will usually tell you something along the lines of “your account has been locked” and ask you to click on a link where you’ll need to enter your password to log in. Of course, by doing this, the scammer can steal personal information from you.

In reality, banks will rarely send you text messages and if they do, they’ll be about suspicious purchases from your account or for authentication codes, but they will never include links.

3) Fake shipping messages

More and more brands use SMS to deliver important updates to their customers, including letting them know, for instance, that their package has arrived.

Threat actors, of course, are trying to do the same.

These messages can be particularly dangerous. A new type of text message scam, the “Flubot malware”, was active in Australia in September last year, with cybercriminals sending text messages claiming to be about packages that their victims had ordered.

These messages also included a link that, if the user clicked on it, would send them to another page to “track the package”, which, of course, contained malware and was used for stealing passwords and other sensitive information.

4) Fake surveys

Fake surveys are perhaps the least common type of smishing for the simple fact that even real surveys are often unsolicited so people rarely respond to these, let alone fake ones.

That said, from time to time, someone gets one of these and is bored enough to respond without thinking.

How to Protect Against Smishing?

Text message or SMS phishing is on the rise as more and more businesses use SMS to communicate with their customers. In 2020, the FBI’s Internet Crime Complaint Center (IC3) reported more than 240,000 cases of phishing, smishing, vishing and pharming, which cost over $54 million.

So how can you stay safe and avoid falling victim to scams like these?

  1. Don’t click on links in SMS messages unless you’re 100% sure where they came from. These links will most likely contain malware, which can then spread on your Android device.
  2. Pay attention to messages from strange phone numbers like “5000”. Such numbers go to email-to-text services and are often used by criminals.
  3. Your bank or credit agency will never, NEVER, ask you to update your account information in this way. If you receive such a message, contact your financial institution and warn them about the scam.
  4. If you receive an “urgent” message or a security alert, don’t rush to take action.
  5. Don’t “claim rewards” for prizes you never participated in. You can’t win something if you don’t play.
  6. If you receive a fraudulent SMS, report it to the FCC or FTC.
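The checklist above can also be applied mechanically as a rule-based triage for incoming SMS. This is an added example, not code from the original article; the keyword lists, weights, the four-digit sender threshold and the sample messages are assumptions constructed for illustration.

```python
import re

# Indicator patterns derived from the checklist above. The keyword lists,
# weights and thresholds are illustrative assumptions, not a vetted ruleset.
LINK = re.compile(r"(?:https?://|www\.)\S+|\b[a-z0-9-]+\.[a-z]{2,}/\S+", re.I)
RULES = {
    "urgency or security alert": r"\b(urgent(ly)?|immediately|security alert|locked|suspended)\b",
    "prize or reward claim": r"\b(won|winner|prize|reward|lottery)\b",
    "account or login update request": r"\b(update|verify|confirm)\b.*\b(account|login|password)\b",
    "parcel tracking lure": r"\b(package|parcel|delivery)\b",
}

def triage_sms(sender, body):
    """Return (verdict, reasons) for one SMS using the checklist indicators."""
    reasons, score = [], 0
    if LINK.search(body):  # item 1: links weigh most, legitimate alerts rarely need one
        reasons.append("contains a link")
        score += 2
    # Item 2: strange short numeric senders such as "5000" (<= 4 digits is an assumption).
    if sender.isdigit() and len(sender) <= 4:
        reasons.append("short numeric sender")
        score += 1
    for label, pattern in RULES.items():  # items 3-5 plus the fake shipping lure
        if re.search(pattern, body, re.I):
            reasons.append(label)
            score += 1
    if score >= 3:
        return "likely smishing", reasons
    if score >= 1:
        return "suspicious", reasons
    return "no indicator", reasons

# Constructed sample messages (not real traffic); example.test is a reserved name.
SAMPLES = [
    ("5000", "URGENT: your account has been locked. Log in at http://bank.example.test/unlock"),
    ("+15555550100", "Your package is waiting. Track it: parcel.example.test/t/8841"),
    ("+15555550101", "Congratulations, you won a prize! Reply to claim your reward."),
    ("+15555550102", "Running late, see you at 7?"),
    ("Bank", "Your authentication code is 482913."),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(triage_sms(sender, body), "<-", body)
```

A link combined with any one other indicator is enough to reach the "likely smishing" verdict, while a plain authentication code with no link raises nothing.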

Finally, keep your eyes open and if you’re not sure about a message and it looks even a little “phishy”, don’t take the bait.
