What is Smishing and How Do You Protect Yourself?

Most people have heard of phishing, a type of online scam that uses email to trick internet users into giving up sensitive information like usernames, passwords, and credit card information. A similar scam is emerging in popularity called “smishing.” An amalgamation of the terms “SMS” and “phishing,” smishing is a type of scam that targets its victims through the use of text messages. These attacks aim to steal information, or to install a virus on a user’s smartphone. Because they’re less often mentioned in the media than phishing attacks, many people are unaware that smishing exists and are therefore more likely to trust the contents of a text message. So what is smishing able to do with your devices and how do you protect yourself?

• What do these attacks look like?
• How do you identify them?
• How do you protect yourself?

What Do These Attacks Look Like?

Most phishing attacks come in the form of an email that looks like a communication from a legitimate source, such as a banking institution. They often mimic the layout of a real email, including elements like logos and signatures. Because text messages don’t include these visual elements, a smishing attack may be harder to distinguish. So, when determining what is smishing and what is not, it can be helpful to be aware of some of the most common scams:

• Messages that claim to be from a government agency (or something equally official) and request your sensitive information.
• Texts from your banking institution asking you to log in or send them credit card information.
• Messages with links that urge you to download something or ask for your credit card information.
• Messages from police organizations or similar agencies informing you that someone you know is in trouble and needs you to send them money.
• Texts claiming you won a lottery. However, you must send them a “processing fee” to claim your reward, or otherwise ask for your personal information.
• Messages that claim you have been “subscribed” to a service and will be charged unless you access the unsubscribe link, or send them money to “cancel.”
• Suspicious texts from phone numbers that appear to be from a friend (if they fall victim to a smishing attack, a hacker may be able to send messages from their devices).

How Do You Identify What is Smishing and What Isn’t?

If you receive a text message that you think is suspicious but can’t be sure, there are a few tell-tale signs that may indicate whether or not you have been targeted by a smishing attack. They include:

• Unbelievable Deals: Many hackers who use smishing in their scams pose as businesses informing customers of amazing deals. However, if the deal is just a little bit too amazing, it’s probably too good to be true.
• Urgency: The best scams rely on creating a sense of urgency and panic in their targets. By forcing people to act quickly, a smishing scam reduces the amount of time people have to doubt the legitimacy of a text.
• Requests for Personal Information: Any legitimate organization should go to great lengths to protect the private information of their customers. That means they should never ask for sensitive information like usernames, passwords, and credit card information via text message.
• Links: Unless you are expecting a text message with a link, from a sender you trust, links are otherwise difficult to verify and should generally be considered as untrustworthy, especially if they have been shortened.
• Spelling and Grammar Mistakes: While this sign is certainly no guarantee that a text message is illegitimate, in general, a message from a real company should not include spelling or grammar errors.
• Phone Numbers with Strange Configurations: If you receive a text message from a phone number that doesn’t look like a phone number, it may be safe to assume that it’s a scam.

How Do You Protect Yourself?

At this point, you should be able to answer the question “what is smishing?” You should also know how to identify a possible attack. But how do you then protect yourself? There are a few different options everyone can use:

• Be Vigilant: The fastest way to prevent yourself from falling for a smishing attack is to be vigilant. Take the time to critically examine strange text messages in order to identify them as a potential scam. Recognizing an attack prevents you from falling for one.
• Don’t Respond: Some smishing attacks may ask you to reply to a text to stop receiving further communications. However, it’s always best to not respond. When hackers launch this type of attack, they often target a randomized range of phone numbers. By responding to their messages, you indicate that your phone number is active and make further messages more likely.
• Contact the Organization: Most government or financial institutions will never ask for your private information via text message. Always keep this in mind. If an organization is asking for suspicious amounts of data with a text message, assume it’s probably a scam. However, if you want to be extra certain, find the legitimate contact information for the organization claiming to be contacting you (do NOT reach out to the phone number sending the text messages) and ask them directly.
• Report It: If you receive a text you believe is a smishing scam, report it to local law enforcement. This information may make official agencies aware of a larger security issue in order to stop it.
• Don’t Click Any Links: If a text message includes a link for you to click, simply avoid it. Instead, manually navigate to the appropriate website through your web browser.
• Use Your Common Sense: If you think a message is suspicious stay safe by trusting your instincts.

---

Smishing and phishing attacks continue to plague technology users around the world. Your best defence against them is to understand what the attacks are and how to keep yourself safe.

To protect yourself further, browse the web privately and safely with HotBot VPN.

]]>