What is SMS phishing? Also known as “SMiShing” scams …
It’s a way identity thieves can attack unsuspecting individuals with the intent of gathering their personal identifying information. These details are used as a direct way to break into the person’s sensitive accounts. The information gathered could then get used to create fake bank accounts, credit lines, IDs, and more in the victim’s name.
No identity theft protection plan can protect you from this type of attack, so it’s important you understand how SMS phishing attacks work.
The Definition: SMS Phishing Explained
It all starts with a fraudulent message, sent with the purpose of leading you to a phishing website. The sender might impersonate your credit card provider, PayPal, or even a top e-commerce shop like Amazon. As an example, recent PayPal SMS phishing attacks would send the recipient to an important security message that’s hidden behind a phishing login page.
It will not be until it’s too late when you realize your information got phished. The attacker can then intrude further on your personal life, and gather details like your date of birth and mailing address. If the right combination is there, the phished information can then get used to create new bank accounts, credit lines, documentation, and more.
The malicious messages will either include a reason to feel fear or excitement. The latter is obvious enough to portray, such as through fake ‘limited time’ offers. Yet, installing fear into the recipient involves a much different approach. But, since around 90% of text messages get read within 15 minutes of sending, it’s important you understand how each type of fear works.
Here’s an example of each type:
Fear of Embarrassment
You are given a reason to think something embarrassing has happened. In this example, you can see the message suggests that there’s an image of the recipient on the Web. Spin the wording a bit and there are many new angles that can entice the receiver to click the link. For example, the text could say, “Did you see the pic your mom put up on Facebook?” and going to the link would take you to a Facebook phishing page.
Fear of Financial Loss
You are lead to believe your account was corrupted, putting your money at risk. You will then get told to “verify your identity” or to perform a similar action. These direct phishing attempts are best approached with a tricky URL, instead of the use of a URL shortener. As you can see in the example, it would be easy to confuse the URL for the correct one from a quick glance.
Fear of Legal Liability
You are sent a message that makes you feel accused. The sender gives a reason to tie you to the wrongdoing, such as by saying your phone number was used on the account. As difficult as the scenario is, clearing it up appears to be as simple as going to their link and committing a small action. You should not ever need to unsubscribe, as you have not subscribed in the first place. If you know you have no connection to the context of the message, just ignore it or block the sender.
Fear of Physical Harm
Physical threats are not as common, but they do exist. These SMiShing attempts are unique and should be addressed with caution. If there are real risks involved, the police should get contacted right away. As you can see in the example, identifying details (like the dog’s name) indicate a much more serious threat. Even if the information was taken off your not-so-private social media accounts, you are better off safe than sorry.
Save Yourself … Know the Signs of SMiShing Scams!
There are many ways to tell there is something “phishy” about an SMS message. A legitimate company will never message you for information to verify your account. This includes your full name, mailing address, bank account or credit card numbers, and much more. It pertains to anything that could identify you or unsecure your login credentials.
If you are still uncertain, you can also look up the URL included in the message. Do this by searching on Google for the URL with quotation marks around it. Further, you can search for the phone number that messaged you to see what shows. It’s possible to spoof the number, but most attackers will message many off the same number. If the message comes from a 5000 number, it’s an automatic avoid as this means it was sent from e-mail to text message.
That said, you might be able to put a stop to text messages coming in from e-mail addresses. A lot of cell phone data service providers offer this feature. Just find out from yours if this is a possibility, but keep in mind that this could block messages from texting services like TextNow and TextPlus that your family and friends might use.
What to Do About Threatening SMiShing Attacks?
Sometimes the sender will try to pressure you into giving information up. The threat could come in many different ways, including physical and financial. An attacker could creep your Facebook to get your relative’s names, and then make death threats against them. These personal attacks are much different than those where a corporation gets impostered. Instead of giving in to the extortion attempt, you should contact your local police department and place a complaint with the Internet Crime Complaint Centre.
A threatening message can come in many forms, but the commonality is that you are given a reason to fear the sender. You are forced to believe that not cooperating will cause you problems. Most of the time there is nothing that they can use against you, though some thieves will go a step further and dig up dirt on the Web about their victims.
In the end, being able to detect such attacks comes down to using some common sense and not reacting by impulse. These criminals are anticipating that you open the message and think without acting. If you take some time to observe things, you might notice some big red flags. In any event, the same conclusion as before still applies: it’s safer to ignore the message than it is to open it!
How to Avoid Smishing Scams: Do Not Turn Yourself into a Fool
Normal phishing attempts can disguise well and it’s understandable if you get fooled by some of them. But, there should never be a reason to fall for an SMS phishing attempt. This is because these always raise serious red flags. A company should not message you with a different URL, especially when they are of similar status to PayPal.
If you are uncertain, all it takes is picking up the phone and calling the company to clear your worries. It’s better than taking a gamble and risking your information in the wrong hands. A single login credential could lead to access beyond that account. It’s up to you to make sure all your private accounts stay safe and if you do not, the damage could become irreparable.
Also, do not take the gamble of clicking the link in the first place. It’s never a good idea to go onto these websites, as many of them are malicious in nature. It’s possible that you will land on more than just a phishing login page. In fact, you could end up downloading malware instead and the damages could run on for much longer.
Conclusion: SMiShing is a Security Threat, But Don’t Worry!
Everyone talks about the risks surrounding phishing websites. Few discuss how powerful it can be to market these phishing attempts over text messages. That’s because everyone is already aware of how foolish these tricks look. They get read like an open book, and even the simplest of minds are not falling for the scam anymore.
As always, you should be aware of how to protect yourself from SMS phishing threats. This in-depth look should give you enough insight to know what to trust and why. It’s even more important that you understand that major corporations will not ever both requesting sensitive information from you over text. The security risks are well known, which is why most marketing messages that reach your phone are nothing more than complete spam.