What is Smishing? Combating text-based phishing attempts
Have you been “smished”? You might be familiar with the term “phishing”. That is when scammers try to get your personal information by sending fraudulent links to you by email. Smishing is a term referring to phishing attempts that happen on your phone via text messages. According to Norton Security, smishing attacks have increased 300% in the last two years.
Your phone is an important, convenient tool. People are increasingly reliant on all the functionality that a phone can pack into your fingertips. Scammers understand that phones are increasingly where more commerce happens. Therefore, they know that it is likely there are passwords in your phone they’d like to get a hold of, along with your credit card information and any other personal data that could be used to steal your identity. They want access to data about you that is stored in apps that you use for things like banking and shopping.
Smishing attempts tend to fall into certain categories:
You’ve Won! If you’ve received a “Congratulations” message, you’ll be familiar with this scam. This tactic advertises a fake contest giveaway you’ve won and try to get you to click on a malicious link to claim your prize. Once you continue to their site, malware could make its way onto your device and compromise your system and the information attached. Example: Be the first person to visit this link and win a free gaming system!
Confirmation smishing scams use fake confirmation requests to get you to compromise sensitive information. This could be for an online order, an upcoming appointment, or an invoice for business owners. The message may contain a link directing you to a site that asks you to input login credentials or other sensitive data to verify your appointment or purchase.
Customer support smishing scams send smishing texts posing as any company a person may trust — not just banks or credit card companies. They may pose as representatives from online businesses or retailers notifying you of an issue with your account. They’ll provide directions to solve the issue, which typically includes you going to a fake site infected with spyware to record any information you type in.
Financial/banking services smishing scams leverage the fact that more and more people are managing their finances online. These smishing messages pose as legitimate and trustworthy banking institutions to get you to compromise sensitive data like Social Security numbers, addresses, phone numbers, passwords, and emails. Example: ATTENTION! Reactivate your credit card at this link NOW.
Tips