The Smishing Link
Predators await to take you hook, online and sinker
Borrowing a line from the movie Jaws: just when you thought it was safe to go back onto your device then another form of ‘attack’ comes swimming your way.
Smishing is a combination of the words ‘SMS’ and ‘phishing’. The term is used to describe cyberattacks leveraging apps used for texting. These include Android Messages, WhatsApp, Facebook Messenger, Facetime, and all the countless alternatives that continually emerge.
Smishing attacks are an increasingly popular way for cyber criminals to target their unsuspecting victims by tricking people to download a Trojan Horse, virus or other malware onto a cellular phone or other mobile device.
More and more, people are mindful that cyber criminals frequently exploit emails (phishing) and phone calls (vishing) as vehicles for their scamming malfeasance. In this new form of attack, they figure that when it comes to using their preferred messaging service people sometimes let their guards down.
Possibly because they perceive that these technologies are more for ‘fun’ and ‘life stylish’ versus email which is more ‘serious’ and business like. Little wonder that cyber criminals have figured out that smishing is a good way to catch people off-guard.
Taking the bait
As with phishing, cyber criminals use smishing as a means to trick people into disclosing personal information, or performing an action, that will compromise their security. Because these messaging services are the means to share videos and images, scammers can often coax a victim into downloading some malicious software (malware) by sending a text message with an attachment (containing malware disguised as an image). Often the invitation seems simple and irresistible: “Hey, you really have to check this photo out!”
Other smishing attacks are more sinister directly linking to a dangerous website used for criminal purposes. Once the link is clicked, the victim’s device is infected with malware allowing criminals to perform actions like stealing banking information or taking full remote control of the device.
Some smishing activities are less technical simply harassing and bullying the target into purchasing anything from gift cards to fake security software. This trail of deceit can lead to being duped to contact a help line where the real damage comes into the equation.
Avoiding the Big Bite
Similar to other species on the menace list, the key warning signs that you are a target in a smishing attack are very similar to those for phishing. One key difference is that SMS messages are usually shorter in length and less formal in style than emails. This makes it more difficult to spot clues that they are not legitimate and that danger lurks.
Good smish spotting skills involve being watchful for:
- Urgent requests for money (even from friends, family and colleagues)
- Messages that give you a very strong emotional reaction. Trust your instincts
- Threats or intimidation
- Alarming messages from an official organisation (e.g. Police or IRD)
- Offers that seem too good to be true (e.g. a prize for a lottery you never entered)
- Someone trying to rush you into taking an action
- Requests for personal information (e.g. how much you earn)
- Messages attempting to sell gift vouchers and the like