Smishing

Ever heard of smishing, also known as SMS phishing?

You might not have heard about it, but I am sure you might have been a victim of it at least once in your lifetime. So let me explain what smishing is. It is the act of committing text message fraud to try to lure victims into revealing account information or installing malware. Cybercriminals use smishing, which is similar to phishing, to pose as a reliable company or a respectable individual in a text message in order to acquire credit card numbers or other sensitive information. When cybercriminals "phish," they send phoney emails with the intention of getting the receiver to click on a dangerous link. Smishing simply substitutes text messages for emails. The goal is typically to steal money, usually your own but occasionally also the money of your business.




How does Smishing Work?

The fundamental elements of any SMS phishing attack are deception and fraud. You are more inclined to comply with the attacker's demands because they adopt a persona that you might trust. Using social engineering techniques, smishing attackers can influence a victim's judgement. This illusion is motivated by three things:

  1. Trust: The attackers try to gain our trust by posing as legitimate individuals or organisations.
  2. Context: The attackers find and use a relevant context that makes the message look more personalised and reduces the risk of suspicion.
  3. Emotion: By heightening a target’s emotions, attackers can override their target’s critical thinking and spur them into rapid action.


What are the Phases of Smishing?

  1. Distribution of the text message “bait” to targets.
  2. Compromising the victim’s information via deception.
  3. Execution of the desired theft using the victims’ compromised information.

Types of Smishing attacks

  1. Financial Services Smishing: Financial services smishing attacks are disguised as notifications from financial institutions. Since almost everyone uses banking and credit card services, both general and institution-specific messages can be sent to them. Loans and investing are other typical premises in this area.
  2. Gift Smishing: Gift smishing refers to the offer of free goods or services, frequently from a respectable merchant or other business. These could be free deals for shopping, giveaway competitions, or any number of other things. An attacker can use the concept of "free" to raise your excitement and override your rationality so that you respond more quickly. Limited-time offers or a special opportunity to choose a free gift card can be indicators of this attack.
  3. Invoice or Order Confirmation Smishing: False confirmations of recent purchases or service billing invoices are known as "confirmation smishing." A follow-up link may be offered to pique your interest, or to compel quick action by arousing fear of unauthorised charges. Strings of order confirmation texts or the lack of a company name may serve as indicators that a scam is taking place.
  4. Customer Support Smishing: An attacker will typically assert that your account has a problem and provide you with instructions on how to fix it. Simpler scams might urge you to use a fake login page, while more sophisticated ones might require you to enter a real account recovery code in an effort to reset your password. A problem with billing, account access, strange activity, or a response to your most recent customer complaint are all signs of a support-based smishing scheme.
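
One way to turn the trust, context and emotion levers and the four message types described above into a message triage check. This is an added example, not part of the original post; the function names, keyword lists, scoring and sample messages are assumptions constructed for illustration.

```python
import re

# Keyword patterns for the four smishing types listed above.
# The word lists are illustrative assumptions, not a complete ruleset.
CATEGORIES = {
    "financial": r"\b(bank|credit card|loan|investment)\b",
    "gift": r"\b(free|gift card|giveaway|prize)\b",
    "invoice": r"\b(order|invoice|purchase|charged)\b",
    "support": r"\b(account|password|recovery code|unusual activity)\b",
}
# Emotion lever: pressure to act quickly.
URGENCY = r"\b(urgent|immediately|limited[- ]time|expires?|within \d+ \w+)\b"
# Secrets that a message may try to collect by reply.
SECRET_ASK = r"\b(otp|pin|cvv|password|recovery code)\b"
LINK = r"(?:https?://|www\.)\S+"


def triage_sms(sender, body, known_senders=()):
    """Score one SMS; return (score, matched_types, reasons)."""
    text = body.lower()
    types = [n for n, p in CATEGORIES.items() if re.search(p, text)]
    reasons = []
    if re.search(LINK, text):
        reasons.append("contains a link")
    if re.search(URGENCY, text):
        reasons.append("pressures quick action")
    if re.search(r"\b(reply|send|share|enter)\b", text) and re.search(SECRET_ASK, text):
        reasons.append("asks for a secret")
    if sender not in known_senders:
        reasons.append("sender not in known list")
    # A themed message alone is normal; a theme plus levers is what to flag.
    score = len(reasons) if types else 0
    return score, types, reasons


# Constructed sample messages (not real traffic); example.test is a reserved name.
SAMPLES = [
    ("+15550100", "Your bank account is locked. Verify immediately at http://bank.example.test/login"),
    ("+15550101", "Congratulations! Free gift card, limited-time offer: www.shop.example.test/claim"),
    ("MYBANK", "Your statement for March is ready in the app."),
]

def flag_samples(threshold=2):
    known = {"MYBANK"}
    return [triage_sms(s, b, known)[0] >= threshold for s, b in SAMPLES]
```

A flagged message is a prompt to verify with the company through a channel you already trust, not proof of fraud; keyword rules like these miss reworded messages and should only feed a human review step.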


How you can prevent Smishing

To prevent smishing, you need to be extra cautious when you click on a link on your phone, especially links you receive in text messages. If you find something suspicious, don't hesitate to talk to the customer service of the company from which you received the message, because they are there to help you in exactly such cases. You can talk to them in any language, and there is nothing to be shy about. They will tell you whether their company would send you any such message or not.

Another way of preventing such scams is to use Two Factor Authentication. It is useful because it provides you with an OTP (One Time Password) or asks you to confirm whether it is you who is trying to access the account. This is very useful in banking apps. You can also download anti-malware apps, but make sure to download them from trusted websites only, so that you do not land in another such scam. There are many other ways to keep you and your data from getting into the wrong hands, but these are the basic ones which everyone should adopt.


What to do if you become a victim of Smishing

  1. Report the suspected attack to any institutions that could assist.
  2. Freeze your credit to prevent any future or ongoing identity fraud.
  3. Change all passwords and account PINs where possible.
  4. Monitor finances, credit, and various online accounts for strange login locations and other activities.

