SMS Phishing Is Even More Insidious Than Email Phishing

Most people spend a lot more time looking at their phones than at their desktop screens. Cyber-criminals know this, and they’re increasingly targeting their victims through SMS phishing, or “smishing.”

“SMS” stands for “short message service” and is the technical term for the text messages you receive on your phone. In smishing attacks, criminals use fraudulent, authentic-looking text messages to dupe their victims into disclosing sensitive information, downloading malware, or even sending money directly to the cybercriminals.

Smishing is a social-engineering attack: It plays upon peoples’ innate sense of trust in authority and their desire to cooperate. Smishing messages are designed to look like an authentic communication from a trusted source.

Basically, smishing is just the text-message version of the old email phishing scams, which have been around for decades. A smishing attack might appear to come from a financial institution, a shopping site, or even a company seeking to hire you.

Smishing messages often include imitations of logos from large, trusted organizations. These logos also easy for thieves to steal, and many people are fooled by this simple slight-of hand. Cybercriminals can pose as banks, large retail stores, or even government agencies. Those who fall for the ruse can easily end up with an empty bank account or their identities for sale on the dark web.

Over the last few of years, for example, people have been receiving counterfeit Treasury Department texts with a link to a website that promises them “Stimulus Checks” if they enter their bank or credit-card details. Other common types of smishing messages include tech-support impersonations, phony bank-account balance warnings, and counterfeit customer-service notices.

How to Avoid Being Phished

  • Do not reply to any suspicious texts. Doing so confirms that your cellphone number is real and active, and you’ll likely be targeted for multiple further attacks.
  • Opt out of receiving marketing texts. The fewer lists your number is on, the easier your life will be.
  • Watch for obvious spelling or grammatical errors, which could indicate that the author of the text is poorly educated or a non-English speaker.
  • If you see any noticeable inaccuracies in the design or colors of corporate logos, they probably mean that the SMS message is not from the organization it claims to be.
  • Many smishing attacks feature urgent messages designed to frighten the recipient into taking a careless action, but legitimate businesses will give their customers ample notice about any potential issues. Delete the message; if you’re still concerned about its content, contact the company directly.
  • Most important, do not click any hyperlink within an SMS message. Legitimate sources are aware of the danger that smishing represents and will provide you with alternative means of contacting them.

Netmaker Communications, LLC, is a widely-acknowledged expert on cybersecurity. Feel free to contact us about SMS phishing or any other threats you come across online.