Do you know what smishing is, what risks it involves and how you can avoid it? The cyber-criminals are betting on the technique known as Smishing when it comes to defrauding users through text messages (SMS). The objective of Smishing is the same as that of other types of scams such as Phishing: to collect confidential data and obtain money illegally.
According to a study by Experian, mobile phone users aged between 18 and 24 send more than 2022 texts per month (around 67 per day) and receive 1831 messages.
In this article, we will explain the most relevant aspects of SMS Banking Smishing to prevent and avoid you and those around you from becoming victims of this scam:
- What is Smishing?
- Modus Operandi of Smishing
- Objectives, risks and examples of Smishing
- 6 tips to avoid being a victim of Smishing
What is Smishing?
Smishing is a word that is composed of "SMS" (text messages) and "phishing" (scam that consists of pretending to be an official website or an authentic email sender so that the victim trusts and shares data or clicks on a malicious link or file).
Smishing is a scam that consists of sending SMS messages to the mobile phone with the aim of convincing the user to enter their personal information. The cybercriminals try to get the user to normally reveal banking information - a login name, password or credit card information - in order to impersonate him or her and access his or her money.
The cybercriminals may also ask the victim to answer certain questions by text message or to call a certain telephone number (usually premium rate) or take any other action that involves additional cost. In short, the final objective of Smishing is to obtain our user keys or personal information, as well as to sell us false/existent products or services, to infect our mobile device, etc.
Smishing Modus operandi
Cybercriminals use smishing to obtain the victim's personal data and use it to steal their money.
However, this can also be detrimental not only to the particular victim but also to the organization he or she works for. More and more people are using their mobile devices for work (a trend called BYOD - Bring Your Own Device).
For this reason, Smishing is becoming as much a business threat as it is a threat to consumers. So it's no surprise that, according to Cloudmark, smishing has become the number one form of malicious text messaging.
There are two different methods of obtaining a user's confidential information through smishing:
1. MALWARE DOWNLOAD
The cybercriminals can trick the user via SMS to download the malware, which is automatically installed on the mobile device.
This malware can look like a legitimate application and therefore tricks the victim into entering confidential information and sending the information to the cybercriminals.
2. MALICIOUS WEBSITE
The link included in the Smishing message may redirect the victim to a fraudulent, legitimate-looking website, where they are asked to enter their personal information. Once provided, cybercriminals can use this information to steal the user's name and password.
Objectives, risks and real examples of Smishing
Below, we show you the objectives and examples of the most commonly used Smishing when it comes to deceiving users:
SMISHING TECHNIQUE #1: SUBSCRIBE THE USER TO A PREMIUM SMS SERVICE
"Congratulations, you've been selected from [X] million users and you've won a [car]. To get your prize you have to send to the number [XXX XXX XXX] the word CAR."
"We just need your personal data, send an SMS from your mobile with the word OFFER to the number [XXX XXX XXX]. Within [X] days we will send you the [barbecue] to the address you have previously given us."
SMISHING TECHNIQUE #2: CALL TO A SPECIAL PREMIUM NUMBER
"You have a very urgent notice. Call the number [XXX XXX XXX].
"[Name] is desperately looking for you, says she talked to you these days and asks for your phone because she's lost it. Tell me if I can give it to her. Answer it."
SMISHING TECHNIQUE #3: STEALING BANK DETAILS
"Send us the following documentation: copy of your coordinate card and your bank card [bank] and also write down the pin in the mail: [mail]."
"Dear client, your credit card has been blocked for your security. To unblock your card you must urgently visit [web] and complete the steps requested. You have 24 hours."
SMISHING TECHNIQUE #4: LINK TO A FRAUDULENT WEBSITE TO INFECT YOUR COMPUTER OR SCAM YOU WITH A NON-EXISTENT PRODUCT/SERVICE
This is the website I told you about [web] Calvin Klein, Dolce Gabanna, Hugo Boss, Loewe, Chanel etc all at half price. Take a look at it and tell me..."
"This website has discounts of up to 80% for 24 hours. Click on the link and don't miss the opportunity"
6 tips to avoid being a victim of Smishing
The good news is that it is easy to prevent and avoid becoming a victim of Smishing and similar attacks. The scam can only hurt you if you take the bait.
That's why we've listed 6 tips to help you protect yourself against smishing:
- No financial institution or business will send you an SMS asking you to update your account information or confirm your ATM card code. In case you receive such a message, call your bank or company if you have any doubts, dialing the phone directly on your terminal.
- Never click on a link or phone number in a message you are not sure about or know the source of.
- Do not store banking information on your mobile device.
- When in doubt, do not answer the SMS.
- Be wary of text messages that tell you about jobs (which do not exist), prizes (without having played) or packages received (without having asked for them).
- Keep an eye on your consumption on a regular basis and, if you notice significant increases in the bill, contact the phone company.
Web Developer, Blogger, Creative Thinker, Social media enthusiast, Italian expat in Spain, mom of little 7 years old geek, founder of @manoweb. A strong conceptual and creative thinker who has a keen interest in all things relate to the Internet. A technically savvy web developer, who has multiple years of website design expertise behind her. She turns conceptual ideas into highly creative visual digital products.
No one is safe from Pishing attacks, especially bank Phising. Large and small companies in all industries are being attacked repeatedly. Phishing is so popular with cybercriminals because it provides…
It can seem that not a day goes by when we don’t hear of some new hacking case or people who have had their sensitive date compromised via the internet.…