Mohammed Yusuf

Smishing: The Latest Arrival to the Cyber Attack Realm

We all have that one cousin who is louder and more obnoxious than us. You know, the one you don’t want to invite to the family event because they instantly become the center of attention. Well, in the case of phishing, that family member is smishing.

What Is Smishing

Smishing is a form of phishing in which someone tries to trick you into giving them your private information via an SMS (text) message. Small businesses and their employees frequently use text messages to speed up communication and collaboration. The growing use of this medium has led to a growth in smishing.

Smishing is particularly scary because people sometimes tend to be more inclined to trust a text message than an email. In many situations, the text message will contain a URL or a phone number, where the phone number has an automated voice response system. And, similarly to phishing emails, the smishing message asks for your immediate attention. The text message, coming from a phone number such as “5000” and seemingly legitimate, contains an attachment that downloads a virus or malware that allows the scammers to access all information on your phone and possibly control it.

Types of Smishing

Though smishing can take many forms, it tends to come in three ways:

Business: This type of text message will look like it comes from a business such as your bank, payment app or mobile service provider. It's set up to convince you to respond to the message with information, or to click a provided link and enter login credentials, simply by indicating there is an issue with your account and imploring immediate action.

Friendly: The approach of these attacks is slightly different, as they use a conversational or flirtatious tone to gain your attention. The objective is to pretend to be a friendly stranger or someone you know. These may be attempts at social engineering (manipulating you to get sensitive information out of you) for future scams, or may even contain malicious links such as “Check out these photos of us.”

You’re a Winner: This is an oldie but goodie. Scammers create a fake contest or prize drawing scam. The text message claims you have won the prize and tells you to click on the link or respond to the text to “claim your prize.”
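As an added illustration (not part of the original article), the traits described above can be expressed as a small triage check that labels a text with one of the three lure types and lists which indicators it carries. The `triage` function, the keyword lists and the sample messages are assumptions constructed for this example, not a vetted ruleset.

```python
import re

# Word lists below are illustrative assumptions, not a vetted ruleset.
URL = re.compile(r"(?:https?://|www\.)\S+", re.I)
CALLBACK = re.compile(r"(?:\+?\d[\s().-]?){10,}")  # a phone number to call back
REPLY = re.compile(r"\b(reply|respond|text back)\b", re.I)
URGENCY = re.compile(r"\b(immediately|urgent|right away|suspended|locked|expires?)\b", re.I)
LURES = {
    "business": re.compile(r"\b(bank|account|payment|paypal|venmo|billing)\b", re.I),
    "winner": re.compile(r"\b(won|winner|prize|reward|drawing)\b", re.I),
    "friendly": re.compile(r"\b(photos of us|remember me|long time no see|is this you)\b", re.I),
}

def triage(sender, body):
    """Return (lure_type, indicators, verdict) for one SMS."""
    indicators = []
    if sender.isdigit() and len(sender) <= 6:      # e.g. a sender such as "5000"
        indicators.append("short_code_sender")
    if URL.search(body):
        indicators.append("link")
    if CALLBACK.search(body):
        indicators.append("callback_number")
    if REPLY.search(body):
        indicators.append("reply_request")
    if URGENCY.search(body):
        indicators.append("urgency")
    lure = next((name for name, rx in LURES.items() if rx.search(body)), None)
    # A lure plus a way to act on it (link, call, reply) is worth a second look.
    # Genuine messages can match too, so the verdict means "verify with the
    # business directly", not "confirmed scam".
    has_action = any(i in indicators for i in ("link", "callback_number", "reply_request"))
    verdict = "review" if lure and has_action else "no_match"
    return lure, indicators, verdict

# Constructed sample messages (not real traffic).
SAMPLES = [
    ("5000", "Your bank account has been locked. Verify immediately at http://example.test/login"),
    ("+15550100123", "Hey, long time no see! Check out these photos of us: http://example.test/p"),
    ("88111", "Congratulations! You have won our prize drawing. Reply YES to claim your prize."),
    ("+15550100199", "Running 10 minutes late, see you at the office."),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, triage(sender, body))
```
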

Protecting Yourself

Attackers are very good at making emails and text messages look authentic. The fake text from your bank, or from PayPal or Venmo, could look like the real thing, so the temptation to take action is understandable. To protect yourself and your business, here are some tips.

  1. Don’t click on links on your phone unless you know the sender

  2. Utilize an MSP with Mobile Device Monitoring

  3. Engage in Security Awareness Training

  4. When in doubt, contact the business directly

  5. Don’t sign up for random rewards via Social Media

  6. Don’t publish your phone number online

  7. Utilize a service like Google Voice as a secondary number for sites that need your number.

Smishing continues to grow due to the increased popularity of mobile banking. Smartphones are used for all types of activities today, which increases the danger of smishing attacks. Until security measures for mobile devices are vastly improved, take heed of my advice and stay away from suspicious-looking texts.