e-Why, What & How · 2021-12-27

Just what is smishing? – e-Why, What & How

Smishing

Lately, when you visit your bank’s Website you’re likely to see a warning about smishing. They will instruct you not to click on links that purport to be from them, & not to give away any of your personal data. That’s right, smishing is very much akin to phishing, but conducted by cybercriminals using SMS instead of email.

Banks & other legitimate Websites are all concerned about this nefarious practice at present because it’s becoming more & more common. The methodology is always the same. People receive an SMS which prompts them to click on a link in it for various reasons. The SMS looks legitimate, but leads to a fake Website or app that requests personal information. It’s pretty weird that in this day & age, people STILL input their data without checking the URL in the browser, but, generally, people trust SMSs more than email. These messages are often personalized too, which adds to the trust factor.

Different Types Of Smishing

  1. The SMS encourages the target to visit a fake Website, which is designed to look like a legitimate Site such as a well-known bank’s site, e-commerce concern or NGO. Once the target is on-site they are prompted to input personal details, such as ID number, banking pins or passwords & username combinations.
  2. The SMS directs the target to download an app, which is usually a malware-laden tool designed to steal the target’s credentials or get them to input sensitive information.

Smishing examples

  1. One of the biggest scams across the world recently has targeted people’s fears over Covid19 – Hackers have taken advantage of their targets’ lack of knowledge when it comes to contact tracing, using fake warnings to steal information such as social security numbers, email addresses & so forth. Cybercriminals have also faked government & other financial relief schemes to snare victims.
  2. E-commerce customer care notifications & survey requests – Targets receive an SMS to rate services & products. When they visit the website they are asked for their username/password combination, which the criminals steal to buy items on the targets’ accounts.
  3. Free gift – Targets are encouraged to part with their credentials in order to receive a valuable gift, like an iPhone for which they must pay a negligible delivery fee using their credit card.

These are only a few examples.

Protect yourself

  1. Always be suspicious. If it looks too good to be true, it’s probably a scam
  2. If you click a link in an SMS, check the name of the site on your phone’s browser before interacting with the Site. Be very careful because these scammers are clever & usually pick a name that is very similar to the domain name of the site they’re purporting to represent
  3. Instead of clicking on links in an SMS, visit the legitimate Website (for instance your bank’s Site) to see if they are running a similar campaign
  4. Don’t download apps from links in an SMS; visit the official app store for your device instead
  5. Install a good malware detector app for your device
  6. Never give your bank account pin without triple checking if the site or app is legitimate. Also, your bank will never ask you to send your pin via SMS, over the phone or via email
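
The check in step 2 can also be automated. The following is an added example, not code from the original article: it pulls the links out of an SMS and compares each hostname with a list of sites you really use. The domains and sample hostnames are constructed placeholders, and only links that start with http:// or https:// are examined.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the real domains of sites you use.
TRUSTED = {"examplebank.com", "examplestore.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """Return 'trusted', 'lookalike' or 'unknown' for a hostname."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    # Trusted only if the host IS the real domain or a subdomain of it.
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # Punycode labels can display as look-alike Unicode characters.
    if any(label.startswith("xn--") for label in labels):
        return "lookalike"
    for t in TRUSTED:
        brand = t.split(".")[0]
        # Brand name inside a host that is not the real domain,
        # e.g. examplebank.com.account-check.example
        if any(brand in label for label in labels):
            return "lookalike"
        # One or two characters swapped, added or dropped in the real domain.
        tail = ".".join(labels[-len(t.split(".")):])
        if 0 < edit_distance(tail, t) <= 2:
            return "lookalike"
    return "unknown"

def check_sms(text):
    """Extract every link in an SMS body and classify its hostname."""
    results = []
    for url in URL_RE.findall(text):
        host = urlsplit(url.rstrip(".,;:!?)")).hostname or ""
        results.append((host, classify_host(host)))
    return results
```

A result of "unknown" only means the name does not resemble a site on your list; it does not mean the link is safe.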
