[ALERT] Smishing Attacks on the Rise

Category: Mobile , Security

Scammers are endlessly adaptable, switching to new attack vectors as rapidly as users catch on to old ones. One of the “new” vectors is actually many years old, but it’s achieving some prominence now as cell phones have become nearly ubiquitous and users have raised their guards against email phishing scams. Read on for the scoop, and how to protect yourself from smishing attacks…

What is Smishing?

“Smishing” stands for “SMS phishing.” It’s a social-engineering technique that relies on text messages to dupe users into taking actions that reveal their sensitive personal information, or lure them to a rogue website that will sneakily infect their phones with malware.

A smishing message includes the usual elements of a scam: the false appearance of a trusted sender; a message designed to scare you; and a call to action that only appears to be a solution to the scary problem. You’ll have much bigger, real problems if you perform the suggested action.

The action requested may be a voice phone call to “account services” at your bank, Amazon, or another large company that most people know and trust. It may be a demand that you visit a website whose URL is specified in the message. Less often, it’s a request for a reply that leads to a text message dialogue with a scammer, or an automated bot that seems to be a person.

what is smishing?

Whatever the action is, it leads to subtle requests for more and more information: Social Security Numbers, addresses, CVV numbers of credit/debit cards, login credentials, etc. These are things that no legitimate company will ever ask you to “verify” via text message, email, or over the phone.

Smishing has been around for many years, but recently there has been a surge of smishing attacks that has security experts sounding the alarm more loudly. There are several reasons why smishing is a growing threat:

Why is Smishing a Growing Concern?

This is a good time to remind AskBob readers about the importance of Two-Factor Authentication, or 2FA for short. It sounds geeky, but it's actually a simple tool that can protect you even if a hacker steals all your passwords. See my article What is Two-Factor Authentication? for details on that. And while we're on the subject, see my 5-Point Tuneup For Hacker Defenses.

The response rate of email phishing has fallen considerably, as more users become aware of the telltale signs of phishing and refuse to take the bait. But many people still trust their phones, and are unaware of the techniques that scammers can use. Another factor is that people are often distracted and on the move when they receive a text, and may respond without thinking.

A smishing message might include a warning purportedly from your bank, informing you of an unauthorized purchase, or some other company telling you that your account was frozen due to fraudulent activity. Another common one is the "You just won a prize (or gift card)" message. These scams may encourage you to click a link or call a phone number. Don't -- instead call the company (with a phone number you know is correct) and report the message to their security department. Or just chuckle, and delete it.

The cost of sending smishing messages is virtually zero, allowing more bad actors to get into the smishing game with ever-higher volumes of bogus messages. Some bad guys run SMS servers that they rent out to other bad guys, making smishing attacks as easy as writing a bogus message and clicking on a few options. These scam-as-a-service operators even provide bogus websites that look very much like those of familiar banks and other trusted companies.

There are no apps that detect smishing messages effectively. It’s incumbent upon you to know the telltale signs of a scam and just refuse to go along with it. Never call a phone number in a text that purports to be your bank’s. Never click on a shortened URL in a text message; you have no idea where it will lead. Keep your mental guard up at all times.

If you're not sure who the sender of a text message is, my advice is to delete it and move on. Have you ever gotten a suspicious text message, or one that was just spam? Your thoughts on this topic are welcome. Post a comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 25 Jul 2017

For Fun: Buy Bob a Snickers.

Prev Article:
Did You Know Your Smartphone Could Do This?

The Top Twenty
Next Article:
Geekly Update - 26 Jul 2017

Most recent comments on "[ALERT] Smishing Attacks on the Rise"

Posted by:

25 Jul 2017

Have read your Smishing content. I have always either deleted or blocked email received that I don't recognize as from a known sender. Your other readers should take note and do the same.
have a good day. >

Posted by:

25 Jul 2017

Thank you Bob. Not many in my country know what 'smishing' is - myself included. Consequently I shall spread the knowledge and warnings.

Posted by:

25 Jul 2017

Bob, everyone, you've probably seen this. But, just in case. It's therapy.
A Geek gets revenge on a hacking firm. Shut them down. Found them again. Shut. them. down


Posted by:

Mac 'n' Cheese
25 Jul 2017

W A R N I N G ! ! !

Do NOT click the address in Pati's email unless you KNOW what you're doing.

The address "youtu.be" is NOT the same as "youtube.com."

I don't know what "youtu.be" is, so I'm not clicking it. I advise you not to click it, either.

Sorry, Pati, if I've raised a false alarm. But clicking on an address that looks "almost right" almost always gets one into trouble!


Posted by:

25 Jul 2017

As a long time computer troubleshooter, not breaking focus is always paramount to solving problems quickly and efficiently. As texting started getting popular, I determined early-on that there was nothing so important, that it required drawing my attention away from tasks at-hand, to read/respond to everyone's silly instant messages. (If something is truly important, phone me and tell me about it!)

Additionally, after starting to receive SPAM texts advertising businesses many miles away (and counted against my mobile plan), I had my service provider, block ALL text messages.

Over the years, I finally had the service unblocked. Now, whenever SPAM of any kind arrives, I block the number and delete the text without reading it. I haven't had any smishing, since I've only found ONE tolerable use for texting and anything else would be pretty obvious... Just prior to a video call:


Posted by:

Tom S.
25 Jul 2017

Actually, it is the same, kind of. "youtu.be/{video code}" is YouTube's shortened version of "www.youtube.com/watch?v={video code}". You get the shortened version when you click the "share" button on a YouTube video.


Posted by:

25 Jul 2017

Noted, and shared. Thanks so much!

Posted by:

Sharon H
25 Jul 2017

I fell for one of these attacks, even though I consider myself computer savvy. It was supposedly from Amazon, and the subject was about a cancellation of my order. I learned my lesson, and just hover my cursor over the sender email. This reveals the real origin of the message, which invariably is in a foreign country.

Speaking of which, sometimes the English/grammar/spelling is absolutely hilarious. If you have a question, always go to the website (such as Amazon) and see if there is an actual problem.

Posted by:

Sharon H
25 Jul 2017

Mac 'n' Cheese-That is actually how a YouTube URL looks if you click share and send the code through an email. I don't know why, but that's how YT has things set up. I just sent my husband a link to a YT video of a wonderful soprano singing her heart out. All forwarded videos on YouTube come with that odd set up of a . between the tu and be.

You can try this: just go to any video, click "share" and the odd URL will pop up. If you wish, you can instead go to the address line at the top of the page, highlight it and just cut and paste into your email--it does not contain that odd ".". Hope this clears things up a bit.

Posted by:

25 Jul 2017

BOB.......Is it wise for your commenters to be allowed to post links (like Pati?) Might be facilitating the very thing being warned about....

Posted by:

26 Jul 2017

I have never used SMS texting. I have no use for it and I have it TURNED OFF with my cellular carrier!

Posted by:

27 Jul 2017

Ironically, after receiving Bob's e-mail re: 'smishing', I received another email about a PayPal charge made in Bangkok. At first I suspected a fraudulent charge on a credit card. Verified that wasn't the case. I reviewed the e-mail and the wording was disjointed and not what a company like PayPal would use in the business world. So, as Bob suggested, I chuckled and deleted e-mail.

Posted by:

27 Jul 2017

Out of the blue a couple of months ago I started to get smishing msgs on my phone. Got about half a dozen of them, all within about 10 days. This was the first time I have had this happen in 4 years of owning this phone. Fortunately they were pretty obvious scams, so I had no trouble figuring out not to respond. I informed my service provider, who actually reimbursed me for all of the msgs, and also told me that their techs were working on ways to better identify and/or block theses kinds of msgs. After I had informed my service provider, I blocked the numbers so they could not call me again, at least not from the same number, and then deleted the msgs. So far, that seems to have done the trick. No smishing since then.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy     RSS/XML

Article information: AskBobRankin -- [ALERT] Smishing Attacks on the Rise (Posted: 25 Jul 2017)
Source: https://askbobrankin.com/alert_smishing_attacks_on_the_rise.html
Copyright © 2005 - Bob Rankin - All Rights Reserved