Predators await to take you hook, online and sinker
Borrowing a line from the movie Jaws: just when you thought it was safe to go back onto your device then another form of ‘attack’ comes swimming your way. Smishing is definitely fishy.
Smishing is a combination of the words ‘SMS’ and ‘phishing’. The term is used to describe cyberattacks leveraging apps used for texting. These include Android Messages, WhatsApp, Facebook Messenger, Facetime, and all the countless alternatives that continually emerge.
Smishing attacks are an increasingly popular way for cyber criminals to target their unsuspecting victims by tricking people to download a Trojan Horse, virus or other malware onto a cellular phone or other mobile device.
Globally smishing attacks have spiked of late, rising in the United States 328% in 2020 alone. Financially they are rewarding. According to the FBI’s 2020 cybercrime complaint report, phishing-based techniques such as smishing cost over $US 54m in losses.
More and more, people are mindful that cyber criminals frequently exploit emails (phishing) and phone calls (vishing) as vehicles for their scamming malfeasance (illegal and causes harm). In this new form of attack, their logic is that when it comes to using their preferred messaging service, people sometimes let their guards down.
Possibly because they perceive that these technologies are more for ‘fun’ and ‘life stylish’ versus email, which is more ‘serious’ and business like. Little wonder that cyber criminals have figured out that smishing is a good way to catch people off-guard.
Did you know that the global cost of cybercrime in 2021 was US$ 6 trillion, estimated to rise by 2025 to $US10.5 trillion.
Taking the bait
As with phishing, cyber criminals use smishing as a means to trick people into disclosing personal information, or performing an action, that will compromise their security. Because these messaging services are the means to share videos and images, scammers can often coax a victim into downloading some malicious software (malware) by sending a text message with an attachment (containing malware disguised as an image).
Often the invitation seems simple and irresistible: “Hey, you really have to check this photo out!”
Other smishing attacks are more sinister directly linking to a dangerous website used for criminal purposes. Once the link is clicked, the victim’s device is infected with malware allowing criminals to perform actions like stealing banking information or taking full remote control of the device.
Some smishing activities are less technical simply harassing and bullying the target into purchasing anything from gift cards to fake security software. This trail of deceit can lead to being duped to contact a help line where the real damage comes into the equation.
Avoiding the Big Bite
Similar to other species on the menace list, the key warning signs that you are a target in a smishing attack are very similar to those for phishing. One key difference is that SMS messages are usually shorter in length and less formal in style than emails. This makes it more difficult to spot clues that they are not legitimate and that danger lurks.