Smishing: What is it and how does it affect me?
Smishing (SMS phishing) and mobile-borne cyber-attacks, increased by 500% during 2022. Smishing attempts have risen dramatically with fraudsters taking advantage of world events, (such as the Covid-19 pandemic) to further trick their victims.
Find out about more, including what you can do about it, below.
What is Smishing?
SMS phishing or smishing is conceptually similar to email phishing, except attackers use mobile/cell phone text (SMS) messages to deliver the “bait”.
Smishing attacks typically require the user to click a link, call a phone number, or contact an email address provided by the attacker in the text message.
The victim is then prompted to provide their private data and, often, credentials to other websites or services which the attacker will then use for their financial gain.
Furthermore, due to the nature of mobile browsers, URLs may not be fully displayed which makes it more difficult to identify an illegitimate logon page or web site.
What the attackers want
Like most attackers they are out to steal your personal data, which they can then use to steal money, usually yours but sometimes your company’s too.
These “bad actors” typically use two methods to steal this data. They try to trick you into downloading malware that installs itself on your phone. This malware might masquerade as a legitimate app tricking you into entering confidential information which then is sent back to the cybercriminals.
Another method might be to use a link in the smishing message taking you to a fake site where you’re asked to type sensitive information that the cybercriminals can use against you further.
As more and more people use smartphones for work (a trend called BYOD, or “bring your own device”), smishing is becoming a business threat as well as a consumer threat.
It should come as no surprise that smishing has become the leading form of malicious text message.
We introduced the world’s first fully customisable simulated smishing-as-a-service feature which is a great way to educate and train your work-force in the dangers of smishing. To complement that service we have provided some tips below on how to become safer against this rising threat vector. Several of these principles apply to all forms of phishing, and not just smishing.
We recommend all readers educate themselves on the dangers of smishing. With well managed Security Awareness Training the threat posed by today’s advanced smishing techniques can be significantly reduced. Take back control, today.