You’ve likely heard of phishing attacks, but are you familiar with smishing? What phishing is to email accounts, smishing is to texts. And unfortunately, the end goal is the same. Whether phishing or smishing, the sender is out for your personal and sensitive information. Smishing attacks are on the rise. While only 20% of emails are opened, studies show that 98% of text messages are read. While internet users have grown suspicious of email spam, their guard often falls when it comes to texts and cybercriminals are using this weakness to their advantage.
Essentially, if you’re one of the 3.5 billion smartphone users in the world, you’re unfortunately at risk. Luckily, there are several steps you can take to prevent yourself from becoming a victim. Here’s what you need to know to recognize a smishing attack and put a stop to it before putting yourself in danger.
How smishing works
A smishing SMS is simply a text message with ill intent. But did you know that hackers are actually using manipulation tactics to increase the likelihood of a successful smishing attack? Social engineering is a type of manipulation with the end goal of getting unsuspecting victims to give up confidential information. When it comes to smishing, cybercriminals are typically after bank information, passwords, or social security numbers. They may also be trying to secretly install malicious software onto a victim’s device.
Simply sending a text asking for your bank password isn’t likely to work. This is why cybercriminals rely heavily on social engineering tactics when it comes to smishing. It’s easier to try to gain a victim’s trust, where they’re more likely to hand over their information, rather than guess their password. Despite the science behind successful smishing, you don’t have to be a victim. Just as we have locks and security systems to protect our homes, there are tools and best practices available to prevent a smishing attack from bearing fruit.
Smishing signs to look for
The Federal Trade Commission logged over 93,000 complaints about unwanted text messages in 2018. This included a 30% increase in smishing attempts from the previous year. In late 2018, about 125 Fifth Third Bank customers fell victim to a smishing scam. They were all sent smishing text messages that tricked them into sharing their usernames and passwords. Over $100,000 was stolen from the victims via ATMs, simply by using the information they provided. Luckily, four individuals were arrested and charged. However, many potential victims noticed the warning signs and avoided becoming victims. If you received a smishing text message today, would you know what to look for?
Smishing texts may include:
- A link you weren’t expecting
- A downloadable file you weren’t expecting
- An urgent plea for help, usually in the form of money
- Congratulations on winning a contest you didn’t enter
- The name of a banking institution you use or a brand you’re familiar with
- An urgent request for you to verify personal information via a link or automated phone number
While it’s possible to receive a text message containing one or more of these signs and have it be entirely safe, you’re always better erring on the side of caution before responding, downloading, or clicking.
Tips on how to avoid becoming a smishing victim
You can’t stop cybercriminals from targeting you and your smartphone. But by knowing what to look for and how to respond, you can stop a smishing attempt in its virtual tracks. Here are our top tips.
Check the source
It’s not hard for scammers to imitate famous companies and brands. Text message numbers can be faked to resemble those sent from your bank or a company you frequently shop online with. If you do happen to click on a link, keep in mind that webpages can easily be imitated as well. If you’re not sure if a text is from who they say they are, don’t be afraid to call your bank or the sending company to confirm delivery of the text in question.
It really can be too good to be true
Did you win a contest you didn’t enter? Did you receive notice for a delivery you never ordered? It’s less likely that you’re lucky and more likely that you’re being targeted. Avoid clicking on links in any sort of suspicious congratulatory text.
Scammers may sometimes imitate people you know, like your family members, friends, or even your boss, in an effort to extract information. If you get a text from someone claiming to be your significant other or new colleague asking for personal information, bite your tongue until you can confirm the identity of the sender.
Safeguard your smartphone
Internet security software isn’t just for your laptop or tablet. At Avira, we offer several security products designed for smartphones to help keep you safe from malware, hackers, and even smishing attempts. Whether you have an Android or iOS phone, we have security and privacy products that can be installed and active in a matter of minutes.
Most notifications on your smartphone are harmless. Unfortunately, it only takes one successful smishing attempt to compromise your security. Be cautious, trust your instincts, and don’t be afraid to use security tools designed to prevent smishing attacks. By remaining proactive and vigilant, you can avoid becoming a smishing victim.
This post is also available in: GermanFrenchSpanishItalianPortuguese (Brazil)