Business and Government
Protect your organization in the public or private sector.Start Free Trial
Learn to understand, detect and prevent Smishing Attacks.
Get Protected Now
SMS phishing attacks or “smishing” are becoming more and more common, partly encouraged by the COVID-19 pandemic and the rise of COVID-related scams. In this simple guide, we’ll show you what smishing is, how to detect it and how to avoid being the victim of a smishing attack.
The more you understand about smishing attacks, what they’re capable of and what the potential risks are, the easier it will be to identify and prevent damage from one.
Smishing (aka SMS Phishing) is when an attacker sends a fake message to your SMS number, often containing an offer for a free product or an urgent alert regarding banking or other sensitive information.
Smishing is particularly dangerous for those that don’t have an understanding of basic cybersecurity, because the SMS messages are worded in a way that they’re believable. Some smishing messages even include vaguely personal information to sell the narrative.
Get Protected Now
Smishing attacks are considered “social engineering” attacks, because they prey on regular people via psychological manipulation. In most cases, the smishing message is designed to create a sense of urgency. Messages can include trigger phrases or words like “act now” and “your account is at risk if you don’t click here” or “there will be legal action taken against you if you don’t follow up.” These messages can inspire fear and eventually action.
Cybercriminals get phone numbers via data breaches on the web. When you sign up for a web account on a retail site, for instance, you’re often giving out your email, phone number and other personal information. When cybercriminals break into retail web records, those records are often distributed or sold on the dark web for profit. Thus, your personal information is distributed abroad.
You also may have entered your phone number via a phishing email or on some other illegitimate site and the company behind the site was actually a cybercriminal.
Cybercriminals often extort victims of smishing attacks for more personal information or even money, in some cases. IRS scams are common and victims often wire thousands of dollars to cybercriminals under the belief that the IRS will prosecute them if they don’t.
Smishing and vishing are both similar in that they require the use of a telephone to function, but vishing uses voice services instead of SMS messages. Vishing can sometimes be more effective because you’re actually talking to a person on the other end of the phone. The tone of a conversation can potentially drastically affect the outcome. If you think you’re going to be persecuted if you don’t respond, you’re more likely to give up the information your attacker is looking for.
Smishing attacks are common and there are some signs to look out for.
The Coronavirus pandemic not only brought the physical world to halt, but it also created the perfect catalyst for an increase in cybercrime. With so many remote desktops at work and most companies troubleshooting as they went, the doors were opened for cybercriminals to take advantage of companies that were new to remote work.
But the cyberthreats of COVID-19 went beyond simple hacking. Phishing/smishing attacks increased as well, in the form of Coronavirus scams. These scams included emails or texts offering free masks with a link to claim them. The messages were crafted to look like legitimate communication from well-known charities like the Red Cross.
Other scams portrayed the sender as a government body or other authoritative figure and included a bait link. These social engineering attacks were far more effective than you might think, preying on the fear and misinformation that ran rampant during the crisis.
Get Protected Now