“Smishing,” or SMS phishing, is a form of phishing in which attackers use enticing but fraudulent text messages to trick recipients into clicking a link, sending the attacker private information, or downloading malicious programs to their phone. Like all forms of social engineering, smishing leverages psychology and the principles of persuasion to get the victim to act.
Smishing attacks are on the rise, and one major reason is that they are easy to execute. People use their smartphones more and more, and text messages are opened and read almost 138 percent more frequently than emails. In addition, almost everyone keeps their phone close at hand at all times, and most text messages are read within just a few minutes of receipt.
Recognizing a “Smish”
Smishers use urgency, fear, and authority to convince their victims to act. Pretending to come from sources that you trust, such as your employer, the IRS, or a bank, smishing messages may use the following common lies:
- They’ve noticed suspicious activity or log-in attempts on a sensitive account
- There is a problem with your bank account or payment information that needs attention
- You’ve missed an important payment and need to click on a link to pay immediately
- You are eligible to register for a government or IRS refund
- You’re being given a coupon with an incredible deal
- Your child is hurt and you must send personal health information so that they can be treated
- You’ve won a prize and you need to claim it immediately
Awareness is Key
Remember to think twice about any text that comes in asking you to act quickly; messages that affect your emotions are subconsciously manipulating you. Be sure to take the time to ask yourself whether the message even sounds legitimate before you open it or respond.
There’s no way to completely prevent receiving smishing messages, but there are still some actions you can take to protect yourself. For example, all mobile carriers let you forward suspicious texts to 7726 (SPAM) to report them. This small step can make it more difficult for smishers to trick other victims in the future.
If you think you’ve already clicked a fraudulent link or provided compromising information, immediately change all the passwords that are associated with the information you gave out. Contact the real company or agency you thought you were communicating with to let them know what happened, so that they’re aware of the scam. Finally, run a malware check on your phone to ensure the link didn’t allow malicious code to be downloaded onto it.