05 September, 2018

Still SMiShing You - SMS Scams.

Author: BJ Savage

Many people are somewhat aware of phishing, which occurs when you receive emails appearing to originate from sources or contacts you know or trust, in an attempt to lure you into clicking links and entering login credentials. Of course, phishing is a reference to the attackers’ strategy of luring the user with bait, thereby fishing for personal information. In that same sense, we have SMiShing. The “sm” comes from SMS, the protocol used to transmit text messages via cellular devices.

But what exactly is SMiShing, you ask? It’s a type of phishing attack in which scammers send text messages that appear to have been sent by a trusted person, prompting recipients to click on a link or provide credentials by replying. The name is a way of referring to SMS phishing. They can ask a recipient to register for an online service, pay a bill, get lower insurance, etc., then try to sneak a virus onto the user’s device. Some attackers send texts with links that, if clicked, will install keyloggers or redirect to malicious websites designed to steal information, while others trick users into calling numbers that can rack up outrageous charges to their phone bills.

Attackers have access to technology that generates a list of cell phone numbers for a specific area code, then adds in a call carrier’s extension. Finally, they generate the last four numbers. Then, using a mass text messaging service, the attacker distributes their SMiShing messages.

This attack is effective because we are still conditioned to trust our mobile devices and the text messages we receive.  People click on these links thinking they are harmless, or simply click them by accident before reading them. Also, there’s no easy way for us to preview links in a text message like we can when we are viewing an email on a computer.

What can you do to protect yourself and your device from SMiShing?

– Be aware of how this type of scam works.  Understanding an attack is always the first step to preventing it.
– Avoid clicking any links within text messages, especially if they are sent from someone you don’t know.
– If you notice the sender’s telephone number is in a strange or unexpected format, or if there is any doubt, delete the message straight away.
– Don’t respond to any text message requesting your personal information.  If it’s a legitimate source, they will contact you another way.
– Consider using a mobile security application that includes SMS (text) filtering as well as anti-theft, antivirus, and web protection.
– Treat your phones with the same level of concern that you would apply to your laptop or PC.
