Smish or Smishing is a lot like phishing, but over text! If you’ve ever received a text message saying there was some kind of problem (like with your “recent delivery”, your PayPal, or your Amazon account) with instructions to click on a link to resolve the issue, you have likely been the target of smishing: SMS-based phishing (“SMiShing”).
The most common types of smishing include fake delivery notifications, tax scams, and COVID/health scams.
Many legitimate institutions have been turning to text messaging as a way of communicating important information, so it may be hard to tell what is real from what is a scam. If you get a message ‘threatening’ you to take immediate action or else, it is most likely a fake. If you are at all in doubt, call the institution and double-check that they sent the message. In the case of a package, go to the official website and enter your tracking information there.
Less than 35% of the world’s population knows what Smishing is, so let’s break it down:
A threat actor/hacker sends you an SMS (i.e. a text message) asking you to click on a link. If you click on the link in the message, you’ll be redirected to a fake website that asks you to enter your information into a phishing form: a fake web form that’s controlled by the hackers but looks identical to a web form you’re familiar with (like a PayPal login page or an Amazon login page). Alternatively, the website will try to download malicious software onto your device that will be able to track everything you do. As people further integrate their phones into their lives, this type of scam is becoming the most used way to steal personal information. Proofpoint reported that SMS-based scams had risen 328% during the middle of 2020 alone.
Now that you are educated (and maybe a little more paranoid), the question that first jumps to mind is: what can I do to stop this from happening? The good news is that telecom companies know this is an increasing problem and have started to take steps to prevent it. The Cellular Telecommunications Industry Association (CTIA) has adjusted its best practices by using machine learning and shared databases between telecom providers to block as many suspicious numbers as possible. You can help with this effort by forwarding any suspicious messages to the number 7726 (SPAM).
Hackers have stolen information using fake two-factor authentication (2FA) messages. A good way to avoid this is by using a multifactor authentication application like Duo or LastPass. If you don’t authenticate via text, they cannot steal that information.
Another way hackers access your information is by disguising their numbers (spoofing) as the numbers of people you know. If any of your contacts reach out asking for personal information via text, it’s always a smart move, just as you would do with institutions, to call them up and double-check. Plus, it’s a great way to catch up with friends!
Most of the time, companies will not request personal information over text messaging. Always keep an eye out for information requests that you personally did not initiate. Being cognizant and aware of your digital presence and of how you share your information on your cellular phone is the key to avoiding most of these attacks. Constant vigilance is a must!
I provide CIO and IT Support Services alongside a mid-sized technical support team of engineers for business. Bastionpoint Technology is a managed service provider for businesses ranging from 1-500 users! We specialize in Legal, Medical, and Professional services, but support so much more. Retail, Finance, Healthcare, Manufacturing, Non-Profits, and you’ve certainly heard of our clients. We offer unlimited on-demand services, with an on-demand price point to meet every client’s needs. Just call on us – we put your business first!