SMiShing: SMS phishing. We’ve all heard of email phishing scams where an attacker sends a false email and “fishes” for financial information, login credentials, or other sensitive data. These phishing scams can also happen over text messages.
Criminals will send you an SMS or text message that leads you to a website that will ask you to put in your login credentials or other sensitive information, therefore stealing it. Or clicking on a link in the text will install malware on your device. This malware can basically hijack your phone, log your keystrokes, and perform a number of malicious attacks.
It sounds like an obvious plan that would be easy to detect, right? Who would fall for that? SMS phishing attacks can be tricky, especially to those that are uninformed of the dangers. Because of the personal nature of text messages, when a criminal sends a text directly to your phone, you will open it usually within 15 minutes of receiving it.
It might appear as if the text came from a friend, a retailer, your bank, and other trusted sources. Often the texts will say that you have won something or, according to AboutTech.com, they will play on your fears such as fear of someone stealing your money, fear of being accused of a crime, or fear of harm to a loved one.
Last September, the occurrence of SMS phishing attacks more than tripled in the U.S, according to Cloudmark, a security firm. The U.S. region most prone to SMS phishing attacks is Odessa and West Texas, with 16.1% of the population being attacked at some time. This might be due to the rural, less tech-savvy population.
Here’s how you can avoid falling for a SmiShing scam. Avoid clicking links in text messages, no matter who the text came from. Ignore texts that ask you to “respond quickly” or respond with your sensitive, personal information. If a text appears to have come from a trusted source like your bank or a retailer, call that business directly. Be suspicious of strange numbers that don’t look like phone numbers. This could be criminals covering up their identity with email-to-text services. Turn on the “block texts from the internet” feature on your phone. Most of all, always be on your guard and think about what you are doing. It only takes half a second to click on a malicious link.