Fraud Prevention
Aug 27, 2024

The World of *ishing: Understanding Smishing

We all know what phishing is, but are you familiar with smishing? As cybercriminals adapt to our improved ability to spot and stop phishing emails, they have turned to smishing as a new method of attack.

Smishing (SMS + phishing) is very similar to phishing, but instead of sending an email, cyber attackers send text messages. You may have noticed an increase in random texts trying to get you to click on links or respond to messages. For instance, you might receive random texts like "Hello" or "Do you have plans for the weekend?" from different, unknown numbers, or texts claiming issues with a delivery or your bank account that include a suspicious link. It's best to contact the company through a trusted method and then block and delete the fraudulent messages.

Why is Smishing Becoming More Common?
Smishing is quickly becoming one of the primary attack methods of cybercriminals simply because it is easy to do, and it works. Here are a few reasons why:
  • Fewer Security Controls: There are fewer security controls that effectively identify and filter smishing attacks.
  • Short Messages: Text messages are short, which makes it harder to determine whether they are legitimate, so more people are likely to fall victim.
  • Informal Nature of Texting: Texting is more informal, and people tend to trust and act on messages. This informality increases the likelihood of falling victim to smishing.

What Should You Look For?
Cyber attackers are constantly changing their tactics. As with phishing emails, we need to watch for the following indicators:
  • Urgency: Messages that create a sense of urgency and rush victims into making a mistake. For example, a message from the IRS stating your taxes are overdue and if not paid immediately, you will be jailed. 
  • Timing: Whether early in the morning or late at night, timing can also be used to create a false sense of urgency or to catch someone off-guard. For example, a message at 4:30 pm on a Friday that seemingly comes from your boss.  
  • Pressure: Messages that pressure an employee to ignore or bypass company procedures. For instance, texts from the president or CEO asking for gift cards.
  • Curiosity: Messages that generate curiosity or seem too good to be true, such as a USPS undelivered-package notice or a prize-winner announcement.
  • Sensitive Information Requests: Messages that require sensitive information such as your password or unique codes.
  • Tone: Messages that appear to be from a friend, but the wording or tone of the overall message is not right.
  • Typos: Pay close attention to URLs. Often cybercriminals will alter the name of a trusted domain to appear more credible, such as leaving the “a” out of “bank.”  
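
The URL check described under "Typos" can be automated by comparing each domain in a message against a list of trusted domains and flagging near misses. The Python below is an added example, not part of the original article; the trusted-domain list, the sample messages, and the function names are constructed for illustration.

```python
import re

# Constructed allow-list (assumption): replace with the domains you really use.
TRUSTED_DOMAINS = ["examplebank.com", "usps.com", "irs.gov"]

# Matches a host name with an optional scheme and path, e.g. https://a.b.com/x
URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sms(text: str, max_distance: int = 2) -> list[tuple[str, str]]:
    """Return (domain_in_message, trusted_domain_it_imitates) pairs."""
    findings = []
    for match in URL_RE.finditer(text):
        host = match.group(1).lower()
        # Naive registrable domain: last two labels. Multi-label suffixes such
        # as "co.uk" would need the Public Suffix List instead.
        domain = ".".join(host.split(".")[-2:])
        if domain in TRUSTED_DOMAINS:
            continue  # exact match on the allow-list, nothing to flag
        for trusted in TRUSTED_DOMAINS:
            if 0 < edit_distance(domain, trusted) <= max_distance:
                findings.append((domain, trusted))
                break
    return findings


# Constructed sample messages (not real traffic).
SAMPLES = [
    "ExampleBank: unusual login. Verify now at https://secure.examplebnk.com/login",
    "USPS: package held, confirm address: http://usps.com/track",
    "Do you have plans for the weekend?",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(check_sms(sms) or "no lookalike domain", "<-", sms)
```

A hit means the domain deserves a closer look, not that the message is certainly fraudulent: short trusted names can sit within two edits of unrelated legitimate domains.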

By staying vigilant and recognizing these indicators, we can better protect ourselves from smishing attacks. Always think twice before clicking on links or responding to unexpected messages, and when in doubt, verify the source through a trusted method. Stay safe and informed!