If you’re a frequent email user, chances are you’ve encountered a phishing attack at some point. Phishing emails typically trick users into downloading ransomware or clicking on links to web pages where criminals can steal sensitive data. Although many web users are wise to such tactics, phishing attacks are spiraling out of control, with 74% of US companies experiencing a successful infiltration in 2020.
One way that phishers enhance their tactics is by broadening the number of channels they use to exploit victims. Smishing – or SMS phishing – has become a particularly popular technique. If you’re unfamiliar with the term and what it entails, we’ve put together an introductory guide to help protect you and/or your company from an attack.
What is the difference between smishing and phishing?
The difference between smishing and traditional phishing is simple: smishing attacks, or cell phone phishing, use text messaging services rather than email. As with phishing, smishing messages are manipulative and often contain malware or links designed to obtain sensitive data. The most common forms of attack include:
- Banking scams: Hackers often send ‘urgent’ text messages pretending to be from the recipient’s bank. These messages often ask recipients to connect to the bank via a link to verify expensive purchases. After clicking on the link, the victim will be asked to hand over their confidential bank details, which the scammer can use to withdraw money or make purchases.
- Phone upgrade scams: Some smishing attacks offer victims attractive deals such as phone upgrades. Similar to banking scams, these messages often ask recipients to hand over financial details. Sometimes, they contain malware that cybercriminals use to spy on the victim and steal their identity.
- Delivery scams: With e-commerce on the rise, an increasing number of cybercriminals are sending fraudulent SMS messages claiming to be from delivery companies. Usually, they state that they could not deliver a parcel and require the recipient’s financial details to cover redelivery fees.
Why is smishing on the rise?
There are several reasons why smishing is becoming such a common practice, including:
- Unlike email addresses, phone numbers are easy to guess. Cybercriminals can send out mass SMS messages to huge lists of randomly generated phone numbers. A substantial proportion of these messages will reach unsuspecting victims.
- According to recent stats, 60% of people read text messages within five minutes of receiving them. Meanwhile, the average American adult has 500 unread emails floating around their inboxes. This means smishing is a more efficient way of luring victims quickly.
How can I avoid falling prey to smishing?
Unfortunately, most people with cell phones will receive smishing communications. The best way to protect yourself from financial or reputational damage is to know the signs of a fraudulent SMS message.
If a text message asks you to hand over personal information such as a password, credit card number, or Social Security number, it is likely fraudulent. Banks, government agencies, and similar institutions never ask for details in this way. If you’re at all suspicious of a communication, report it to the organization it claims to come from so they can verify its legitimacy. Be especially wary of delivery scams over the holidays.
If a message asks you to click on a link to take advantage of a special offer, you should also treat it with suspicion. Offers that appear too good to be true usually are. If you're not sure, go to the company's official website and look for the offer there.
Finally, it is worth noting that you should never reply to smishing messages. Even a simple reply of ‘STOP’ will alert scammers that your phone number is active, and you will be bombarded with further fraudulent messages. It's also a good idea to block those numbers that are involved in these scams.
These cyber scams can affect individuals and businesses. Businesses must train their employees to recognize these scams to prevent operating losses and protect data. We recommend that all businesses, no matter their size, implement Security Awareness Training. It's a critical layer of security that is easy to implement.
Blueteam Networks is an experienced MSP that serves all of Central Ohio and beyond. We'd love to help keep your business safe and running smoothly! We offer managed IT services with the level of security that is appropriate for your industry. Let's talk!