As our world continues to virtualize, no channel of communication has been left untouched by cybercrime. Scams have become increasingly common, constantly finding new ways to force naïve users to part with their personal information. However – never fear – it’s not time to don your tin foil hat yet! These threats can be easily placated with some simple insider knowledge and tips.
It may be sound like a funny word, but the repercussions are anything but humorous. Smishing is not a new phenomenon. This largely unheard of scam has been around since 2008, but it’s become increasingly common over the past few years. In 2016, 33% of mobile users had received a ‘smish’ text. With those numbers continuing to rise, it’s essential to understand how to spot and avoid harmful smishing scams.
Many are already aware of the risks and consequences of phishing – the practice of sending fraudulent emails to gain personal data from the recipient. In fact, its this growing awareness that has forced cybercriminals to innovate their pursuits and find a new channel to exploit.
Already, we are conscience of suspect emails; with smishing, we also need to take extra care when checking our texts and SMS messaging apps.
What is SMiShing?
Smishing refers to the act of using SMS messages to phish users information. They come in several forms, all with the same end goal in mind – stealing your details for financial gain. Either the message will ask you to reply, or to click a link to further the transaction. It may trick you into sending your data willingly or force you to unknowingly download malware that will begin to silently farm information from your phone. With enough details, it’s easy to squeeze money out of the scam by:
- Directly accessing your bank account using your personal data.
- Selling your information to marketers or identity thieves
- Stealing your identity to apply for loans, commit fraud or gain backdoor access to your accounts.
- Charging unknown fees for receiving or responding to the scam text.
The messages are often disguised to look like they are from trusted organizations, which increase their success rate. Currently, they largely rely on the fact that most people aren’t aware of smishes and won’t think twice about vetting the potential threat of their received texts.
Who is at Risk?
Unfortunately, part of the success of smishing is that it targets so many people. Even though many are still not acquainted with the online world, text has become a regular form of communication for all generations. The added factor is that most users trust text messages, as all phishing scams thus far have been online or over phone call. 35 percent of consumers said that they had the most faith in SMS when it came to their security.
A stereotype exists that this type of fraud usually happens to the elderly. While it’s true that many cybercriminals try to target the vulnerable, new figures show that millennials are the worst hit.
A study by the Federal Trade Commission revealed that 40 percent of those ages 20 to 29, who registered complaints, had lost money. This stat was just 18 percent for those 70 and above. Conversely, the latter category was most likely to lose more money, with an average of $621, compared to the $400 of the younger demographic.
How To Spot a SMiSh
Scam artists have become increasingly inventive, and constantly come up with new ways to trick their victims. However, it is possible to identify suspect messages once you know some of the standard formats and features.
Firstly, a smish will usually try to instigate an action. They may ask for specific details, direct you to a web page or even require a response. However, some can infect you with malware by merely opening them. Because of this, it’s important to know how to identify suspicious content before you read a text.
The following are types of smishing messages you may receive:
Mimicking Trusted Organizations
Hackers will often mimic known brands, as it automates trust in the receiver. You may get a message asking you to confirm your account details or respond to a potential problem. Commonly used organizations include:
- Banks and Building Societies
- Government Organizations – such as IRS
- Popular Media Providers – such as Apple and Netflix
- Online Stores
These messages will often be personalized and include details, such as your name, to make it more convincing.
Sense of Urgency
Often, the texts will involve an urgent problem, tempting you to respond without thoroughly assessing the situation. They will claim your account has been breached or will be immediately shut down if you don’t reply straight away.
Reference to Widespread Events
Smishing messages often play on national events to increase their relevancy. Fraudulent notices regarding dates in the financial year, such as tax return season, are perfect for tricking recipients into divulging their bank information. Credit cards details, PIN numbers and the answers to security questions are the most coveted prize for cybercriminals. It’s the easiest way to make a quick buck and is one of the most expensive items to sell on the black market.
Scammers prey on people’s emotions. Often their messages come in the form of a promise of intimacy, romance or even sex. They will use affectionate nicknames and request that you visit their profile or reply to confirm. Especially on messaging apps, they will be accompanied by pictures of attractive models, sourced from Google!
Whether it’s a date with your dream partner or $1,000, scammers know what you want – and they’re prepared to pretend to give it to you. Instant wins and prizes from competitions that you didn’t even enter are clear indicators of a smishing campaign. Let’s face it: no-one is going to give out free iPads and shopping sprees to random people over text message!
Suspicious Messages From Friends
It’s also possible for smishing ploys to appear to be messages from friends. Similar, to spam emails from hacked accounts or posts on social media, scammers are sending smish texts b infiltrating phones and mass-posting to all contacts. If someone you know sends you something suspicious, be cautious!
While it’s important to be aware of what the threat looks like, it also helps to have some more pragmatic strategies!
Practical Ways To Avoid SMiShing
Without sounding like fear-mongering, it is best to air on the side of caution when it comes to potential smishing scams. You don’t have to treat every message with increased paranoia. Simply follow some basic rules if you come across an SMS that makes you suspicious.
- Take No Action. If you receive an odd message, don’t react instinctually. Refrain from opening the text, clicking any links or responding before you can check the validity.
- Confirm Information. If it’s from a large organization, visit their website and check the official contact details. If they match then you’re safe; if not, ring the onsite number to confirm the legitimacy. If the text comes from someone you know, call their phone and ask.
- Antivirus Software. Installing a good anti-malware client on your phone will help to weed out dangerous messages before they hit your inbox. However, not all companies will offer coverage for smishing, so check out some antivirus reviews to find the best for you. Remember that even top providers can’t promise ubiquitous cover, so stay vigilant even when it’s installed.
- Password Managers. Good password management is the baseline of cybersecurity. All your log-in details should be unique, to limit the damage caused by a data-farming virus. If – like most of us – you can’t face trying to remember infinite combinations, several apps are available that will protect your passwords for you.
If you do fall victim to a scam, or spot suspicious activity, it’s essential to report it to the relevant parties. Your phone provider has the power to block certain attacks, and raise the alarm for new scams. Even if it’s already too late for you, reporting the problem could save someone else from falling victim.
Stay Safe & Secure Online
Cybersecurity may not be the most exciting topic, but its importance is only set to grow over the coming years. As the online landscape changes, criminals will constantly evolve their tactics to get their hands on our data. Smishing is still largely unknown, but it’s easy to add these practical steps into your security repertoire.
With so much sensitive and personal information stored virtually, the risk is now too significant to leave our cybersafety to chance. Protect yourself now to avoid becoming another victim of SMS-based scams.