we are here

Smishing

Smishing

When it comes to receiving text messages from unfamiliar or unexpected sources, it is crucial to remain vigilant and cautious. Cybercriminals frequently use phishing as a way to launch malicious attacks, which can include identity theft or malware distribution. Unfortunately, this attack vector continues to grow in popularity, and its impact is increasing.

In this context, we would like to draw attention to a type of phishing that has gained popularity among cybercriminals in recent years but is not often discussed: smishing. Smishing, or phishing through SMS, is a common tactic because it exploits the widespread use of text messaging and the trust people have in messages from reputable sources like banks or government agencies. Additionally, SMS messages have a higher open rate than emails, making it more likely that victims will see and respond to the smishing message.

Smishing, or phishing via SMS, works by using similar tactics as email scams. These text messages often create a sense of urgency and pressure the recipient to act quickly without taking the time to think it through. This sense of urgency is heightened by the high open rates of text messages, which can be as high as 98%, making it an attractive method for cybercriminals.

One advantage for cybercriminals is that most spam filters are designed to detect and block phishing emails, not text messages. Additionally, SMS messages are often opened on mobile devices which are considered safer by users, but may not have the same level of antivirus protection as personal computers. This means that cybercriminals can take advantage of the higher open rates of text messages and the lack of antivirus protection on mobile devices to target victims.

To recognize smishing messages, the best way is to read through real-life examples of cyberattacks. Here are some common topics used in smishing attacks, but it's essential to remember that cybercriminals may try different tactics to trick victims.

  • Financial alerts: Scammers pretending to be a bank or financial institution send text messages claiming there has been suspicious activity on the victim's account, urging them to click on a link to resolve the issue.
  • Package delivery notifications: Attackers send fake delivery notifications claiming that a package could not be delivered and asking the recipient to click on a link to track the package.
  • Tax alerts: Scammers send messages claiming to be from a government tax agency, such as the IRS, asking the recipient to click on a link to resolve a situation.
  • Charity scams: Smishers claim to be from a charity or non-profit organization, asking victims for a donation and providing a link to make a contribution.
  • Lottery scams: Messages announce that the recipient has won a competition or lottery and ask them to click on a link to claim their prize.

It's crucial to be vigilant and cautious when receiving text messages from unknown or unexpected sources, particularly if they contain links or request sensitive information. Don't click on links or provide personal information in response to a text message without verifying the identity of the sender first. It's also critical to have protection installed on your phone, so even if you click on a malicious link, you can remain protected.