[ALERT] Smishing Attacks on the Rise
Scammers are endlessly adaptable, switching to new attack vectors as rapidly as users catch on to old ones. One of the “new” vectors is actually many years old, but it’s achieving some prominence now as cell phones have become nearly ubiquitous and users have raised their guards against email phishing scams. Read on for the scoop, and how to protect yourself from smishing attacks…
What is Smishing?
“Smishing” stands for “SMS phishing.” It’s a social-engineering technique that relies on text messages to dupe users into taking actions that reveal their sensitive personal information, or lure them to a rogue website that will sneakily infect their phones with malware.
A smishing message includes the usual elements of a scam: the false appearance of a trusted sender; a message designed to scare you; and a call to action that only appears to be a solution to the scary problem. You’ll have much bigger, real problems if you perform the suggested action.
The action requested may be a voice phone call to “account services” at your bank, Amazon, or another large company that most people know and trust. It may be a demand that you visit a website whose URL is specified in the message. Less often, it’s a request for a reply that leads to a text message dialogue with a scammer, or an automated bot that seems to be a person.
Whatever the action is, it leads to subtle requests for more and more information: Social Security Numbers, addresses, CVV numbers of credit/debit cards, login credentials, etc. These are things that no legitimate company will ever ask you to “verify” via text message, email, or over the phone.
Smishing has been around for many years, but recently there has been a surge of smishing attacks that has security experts sounding the alarm more loudly. There are several reasons why smishing is a growing threat:
Why is Smishing a Growing Concern?
The response rate of email phishing has fallen considerably, as more users become aware of the telltale signs of phishing and refuse to take the bait. But many people still trust their phones, and are unaware of the techniques that scammers can use. Another factor is that people are often distracted and on the move when they receive a text, and may respond without thinking.
A smishing message might include a warning purportedly from your bank, informing you of an unauthorized purchase, or some other company telling you that your account was frozen due to fraudulent activity. Another common one is the "You just won a prize (or gift card)" message. These scams may encourage you to click a link or call a phone number. Don't -- instead call the company (with a phone number you know is correct) and report the message to their security department. Or just chuckle, and delete it.
The cost of sending smishing messages is virtually zero, allowing more bad actors to get into the smishing game with ever-higher volumes of bogus messages. Some bad guys run SMS servers that they rent out to other bad guys, making smishing attacks as easy as writing a bogus message and clicking on a few options. These scam-as-a-service operators even provide bogus websites that look very much like those of familiar banks and other trusted companies.
There are no apps that detect smishing messages effectively. It’s incumbent upon you to know the telltale signs of a scam and just refuse to go along with it. Never call a phone number in a text that purports to be your bank’s. Never click on a shortened URL in a text message; you have no idea where it will lead. Keep your mental guard up at all times.
If you're not sure who the sender of a text message is, my advice is to delete it and move on. Have you ever gotten a suspicious text message, or one that was just spam? Your thoughts on this topic are welcome. Post a comment or question below...
This article was posted by Bob Rankin on 25 Jul 2017
|For Fun: Buy Bob a Snickers.|
Did You Know Your Smartphone Could Do This?
The Top Twenty
Geekly Update - 26 Jul 2017
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- [ALERT] Smishing Attacks on the Rise (Posted: 25 Jul 2017)
Copyright © 2005 - Bob Rankin - All Rights Reserved