By Jenny Dikranian, Content Writer, My Business

Essentially, smishing is very similar to phishing, which is carried out via email, and that is why smishing is also known as SMS phishing.

What is a smishing scam?

In general terms, smishing campaigns are designed to trick recipients into disclosing personal information with the intention of stealing money. They can also involve malware or fraudulent websites. Smishing is not limited to text messages; campaigns can also be launched on chat messaging platforms.

So, let’s take a closer look at smishing and smash it out of the park.

The number one rule is to be suspicious of any messages that require you to provide sensitive information or click on a link. Often the messages will be disguised as being from a service provider such as your bank, mobile phone company or energy supplier asking you to update your information. With the trend of people using their personal mobiles for work purposes, the threat of smishing has in recent years moved from being a personal issue to a business problem. Providing employees with training to improve awareness can help reduce the business risk.  

As SMS is a more personalised communication method than email, when a cybercriminal poses as a genuine company or individual, the recipient is more likely to trust the source. The cybercriminal can play on a situation that is relevant to the recipient and can use emotional tactics so the recipient acts fast rather than logically thinking through the request.

The power of smishing attacks

The aim of a smishing attack is for the recipient to click on a link within the text message which leads them to a malicious website or app. They are then prompted to enter personal information into what may appear to be an authentic company site, but it is a malicious version the cybercriminal has created. These websites are also known as ‘spoof’ or ‘lookalike’ sites. Once personal details are entered, the cybercriminal can commit identity fraud, such as setting up credit cards using the victim’s credentials, steal from a bank account or leak customer information.

Some smishing attacks may also trick recipients into downloading malware. In these instances, the malware may be disguised as a genuine app on a mobile and when sensitive information is entered, the data is sent to the cybercriminals to use however they intend. 

Just like phishing emails, you can stay safe from smishing by not taking the bait. But you do need to check messages as many businesses and government organisations now use SMS as a means of communication. Simply ignoring messages may result in other issues due to timely action not being taken. 

Tips to avoid the tricks

Urgent messages – any message that requires urgent attention or has a sense of urgency, for example ‘strictly limited time only’, should be treated with caution. If it’s an offer or a claim you’ve won a prize that sounds too good to be true, it probably is.

Messages from banks or service providers – a financial institution will never ask a customer to update account details or log into an account via SMS. Look up their number on their website, call them by manually dialling the number and seek verification of the information provided in the message.

Links in messages – do not click on any links. Instead go directly to the official website to source the information and check the information is correct.

Check the information presented – are there spelling mistakes, typos or odd-looking phone numbers? This is a sign the message is not genuine.

Don’t respond – if you don’t respond, nothing will happen. You can also block the sender to prevent more messages filtering in. 

Jenny Dikranian is a content writer passionate about entrepreneurship and innovation in inspiring business success.