You are scrolling the latest posts on your favourite social media platform when a new message pings in. It looks serious – it’s a message from your bank urging you to “click here” to update your account information. It includes a warning that your account will be locked if you don’t respond. It looks legitimate, but is it?
Unfortunately, there is a surprising danger hiding in your text messages. Smishing scams are rapidly rising due to the ease of sending text messages. But what is smishing and how does it work? Let’s go.
What is smishing?
Smishing is short for SMS phishing. It is a form of phishing where a scammer uses text messages to try to steal your personal information. The message is crafted to look like they are from your bank, retail stores, or even government officials. They often include a malicious link which is used to enter your credentials or to install malware on your device.
Why is smishing so dangerous?
Email phishing is discussed more frequently than smishing attacks. As a result, we tend not to consider an SMS as a potential form of attack. Remember, a hacker will try any viable method to trick you.
Also, we secure our computers and laptops far more than we do our smart phones. As a result, the same security measures may not necessarily be present in our mobile devices, making it an easier target for a hacker.
Tips to identify smishing messages
Knowing what to look for can help you avoid falling for a scam. Here are a few tips to help you identify malicious text messages:
- Unknown number: You don’t recognize the number, or it seems like a random phone number.
- A sense of urgency: The message claims to be urgent and you need to act now. Smishers rely on you panicking and making a hasty decision as part of the trickery.
- Alarming message header: You will usually receive a message notification prompting you to read the message. If the notification seems alarming or it differs from the body of the full message, it is likely a scam.
- Unexpected URLs: The link within the message seems out of place. Instead, don’t click the link and confirm with the company or sender separately.
- Spelling and grammar mistakes: The message contains typos or strange grammar mistakes. Legitimate senders rarely make these types of mistakes and the smisher will often use familiar company names as part of the scam.
What should you do if you receive a dodgy text message?
If you receive an SMS that looks suspicious, don’t respond. Instead, follow these steps to stay protected:
- Do not click the link: If you suspect that it may be smishing, don’t click the link. Instead, contact the company directly.
- Enable multifactor authentication (MFA): If your account has the option to add MFA, enable it immediately. This adds another layer of security to your account.
- Report the SMS: Many companies have dedicated teams to assist with phishing attacks so be sure to report it.
Can you spot the smish?
Here is a quick quiz before you go. Below are two text messages. Can you tell which one is the smish?
- Dear customer. Your Netflix account has been suspended. Please click here to verify your payment information.
- Hi name. We have noticed unusual activity in your account. Please call us at our official number to discuss. Regards, bank.
Answer: The first message is the smish. It uses urgency and a fake link to convince you to respond, while the second message prompts you to use the official communication channels instead.
Smishing scams will continue to advance as cybercriminals use AI to craft even more convincing messages. Expect to see more personalized messages that will make it harder to detect if it is a scam. Be aware of current scam trends and share your knowledge with those around you. Stay secure!
