Billions of email users are aware of the risks of phishing. But what about ‘smishing’? It’s a growing trend with cybercriminals and potentially a threat to anyone using a smartphone. Understanding smishing is essential. Here is how to spot smishing attempts and how to protect yourself and your business against them.
The word smishing is a blend of the terms SMS and phishing. While phishing refers to emails, smishing talks about fake text messages sent to your smartphone. Smishing messages generally try to trick you into thinking they were sent by a person or an institution you trust.
The sender may look like your bank or a service provider you use regularly. They may also pose as a close friend whose messages you would trust implicitly. Smishing messages ask the recipient to share personal information such as login details. Other smishing attempts include malicious links or attachments encouraging malware downloads.
While it is not exactly known when smishing first started, Google Trends shows that it has snowballed over the past decade. As more people rely on their smartphones to perform a multitude of tasks, criminals are also targeting phones.
Receiving urgent messages from the taxman, your bank, or your credit card company can be unsettling. This is what cybercriminals count on. They hope to surprise you with an unexpected message implying severe consequences if you do not react fast.
Such messages may try to trick you into believing your account has been locked or breached. They may ask you to follow a link to rectify the problem or confirm personal information to restore access.
If something seems too good to be true, it probably is. This is never truer than when you receive messages declaring you the winner of a competition you never entered.
Only a few years ago, similar scams were sent in the mail. At the time, it wasn’t obvious to many that the letter in question was a scam. This remains true today.
You may think that you would easily recognize a smishing message. However, people are easily tempted by something free, and – hand on heart, who does not like to win a competition?
Cybercriminals are clever enough to pose as large, trusted brands. They bank on the fact that most of us have, for example, ordered from companies like Amazon before. Because we have an account set up with the company, it would not be surprising to receive a text message.
This strategy continues to grow as more companies use SMS as part of their customer service offering. Receiving messages with links to tracking tools has become routine. On the other hand, distinguishing between a real and a fake message is getting harder.
Stop and Review
Do not be pressured into reacting quickly. Even if a text message is labouring the urgency of a reply, stop and ask yourself whether the sender is likely to contact you via your phone.
Banks and financial institutions tend to use one particular means of communication. If your bank typically emails you with important information, they are unlikely to change to text messages without prior notice.
Taking a moment to pause and consider whether the message is legitimate can go a long way towards protecting you. If you are at all unsure, do not reply. Instead, phone the assumed sender to ensure that you are in control of the conversation.
Mind Your Device
As email phishing attempts increased, most of us learned not to open suspicious emails or click on links we were unsure about. The same has not yet happened for smartphones. Many people believe their phones are inherently safer than their email inboxes simply because they feel more personal.
If you are using an Android device, you may be more at risk. There is more malware out there for Android devices. The reason is that there are so many of those devices, making them an easy target. This does not mean that iPhone users are completely safe. Smishing technology works across different platforms. Apple’s iOS technology has a reputation for security, but users should still be vigilant.
A false sense of security opens doors to criminals.
Protect Your Information
Every year, our phones can hold more and more information. While this is convenient, it can also be dangerous. Be mindful of how your data is stored on your device.
Avoiding malware is part of this. However, storing your information securely, for example, in vault-type apps, can also help limit the damage malware can do. If you are using apps designed to protect sensitive information, make sure you equip them with unique passwords and close them after each use.
Like phishing before it, smishing is here to stay. Protecting yourself, your team, and your business does not have to be complicated. Taking a few seconds to think before clicking unknown links or opening attachments can help keep your data safe. Similarly, storing sensitive information in purpose-built apps allows you to avoid becoming a victim to cybercriminals.