Haven’t we more than once received a random text message about winning a lottery that we had never applied for in the first place? And, if not always, most of the time, the message asks us to click on an unknown link. Have you been gullible enough to click on that link? If yes, you have become a victim of smishing attacks.
Smishing is now being tagged as one of the fastest-growing cyber threats, with almost 86% of organizations encountering an attack last year, according to CISCO’S 2021 cybersecurity threat trends report. But interestingly, organizations aren’t the only ones targeted. Scammers have targeted millions of users and sent scam texts designed to fool them.
You must be getting a lot of questions in your mind, such as, what is a smishing attack? Why do they pose so many risks to individuals? How can we prevent smishing attacks?
Let’s discuss each of these.
What is a Smishing Attack?
The word “smishing” combines the terms SMS (Short Message Service) and “phishing.” Many users may be aware of the nature of fraud after they open the link in the email message, but fewer people know the dangers of clicking links in text messages.
Here are a few warning signs to look out for and prevent smishing attacks.
How a Smishing Attack Works
While initiating a smishing attack, scammers send messages posing as a legitimate organization to get people to follow a link. The messages are usually received via text message or email, but they can also be sent via instant messaging apps such as WhatsApp. This is how a smishing attack works. Smishing attacks are most likely to replicate:
- Bank alerts, such as a new payment notification or an account overdraft warning.
- Account suspensions messages impersonating some known organizations. PayPal and Amazon have been the most common so far.
- Messages from the government or tax authorities.
- Messages claiming that the recipient has won competitions and giveaways.
What does a Smishing Attack Look Like?
Many scammers use automation to send several users text messages using an email address to avoid detection. The phone number listed in caller ID usually redirects to an online VoIP service like Google Voice, where you can’t find the number’s location.
Spam texts usually use the following tricks to trap their victims :
- The company’s name isn’t in the text.
- The text contains a shortened link (usually a bit.ly link) so that the website isn’t identifiable.
- The text is urgent for getting victims to take action while they are off-guard.
- The fake text has an emotional aspect – fear, greed, or anger.
If you look closely, there’s usually something “off” about the message, whether it’s a misspelling, an error in your name, or no personal greeting (a sign of a broadcast message sent to many people at once).
There’s usually some interaction required, like clicking on a link or typing in a PIN number.
Basic Android and iOS security features often stop malware. But even with these strapping security controls on your cell, no security controls can fight the users who voluntarily send their data to an unknown number.
Here is an image to display some sample smishing attack messages:
How Can You Prevent Smishing Attacks?
Professionally written messages don’t always qualify as legitimate
There is a misconception that scams are characterized by spelling and grammatical mistakes. Though that is the case sometimes, many messages are crafted perfectly to mirror the real thing. It’s easier to do so with smishing since text messages are short and don’t need any specific formatting. So, just because the message appears to have come from an authentic source, don’t presume that the message is genuine.
Use the text alias function to enter the DND mode for Smishers
All major cell providers let you set up a text alias. Under this arrangement, you still receive and send texts from your cell, but the people you text will see your alias in place of your actual number. You can then give all your friends and family the alias you are using and block incoming texts from your real number. Since scammers won’t be able to guess your alias and can’t look it up in a phone book, using an alias should reduce the spam and smishing texts you receive.
Never share sensitive personal info in response to unknown messages
The best way to shield yourself from scams is never to provide personal details in response to an unsolicited email, SMS, or call. Scammers’ objective is to capture these details. So, ensure your safety by simply ignoring their requests. However, that does leave you open to the possibility of ignoring a legitimate message. But, if it’s urgent enough, the organization will most likely contact you again. But if you still want to ensure that you’re not missing out on an important message, you can follow our next tip.
Take advantage of the “block texts from the internet” feature to filter messages
Most spammers and smishers send texts through an internet text relay service, helping them hide their identities. Many cell providers give you the feature to block texts that come in from the internet.
Get in touch with the company before divulging details
The most decisive way to determine whether a message is genuine is to ring the organization and ask. Assuming the claim is genuine, the person on the other end of the line will be able to verify and address the issue mentioned in the text.
If you decide to do this, make sure only to use a trusted telephone number. Don’t just ring the number that you received the text from. It will only direct you to the original message, which may as well be a scammer. It’s easy to find a trusted cell number. For instance, if the message relates to your bank account, your bank card should have a phone number. Similarly, if the messages are from the government, you should look for a phone number on a previous correspondence – including a letter or email.
How to Report Smishing?
If you get a suspicious SMS that imitates an organization, alert the concerned organization. Alternatively, you can forward the message to an anti-fraud SMS service in your country. If you’ve fallen for what you suspect is a fake text, you must also alert your bank and cell provider, which can set up security alerts.
Smishing is a crime of trickery – an act of fooling the victim and redirecting them to a link for providing personal information willingly. The simplest protection against these frauds is to do nothing at all. So, as long as you don’t respond, a malicious text cannot do anything.