Smishing is a short term for SMS phishing, a variant of phishing email scams that instead utilizes SMS systems to send out bogus text messages. It is the act of using mobile phone text messages to lure victims into immediate action such as downloading mobile malware, visiting a malicious website or calling a fraudulent phone number. These are often seen to be written using fear or greed based terminology such as “fraudulent account activity detected” or by offering some type of award or discount. Often the messages attempt to alarm the potential victim, claiming that urgent action is needed or serious consequences will result – this can be a tell-tale sign that the message you received is dodgy.Smishing can also be used to infect users’ phones and related networks with destructive viruses or eavesdropping software. In the age of the smartphone smishing is becoming prevalent.
Many of us keep our personal information, like banking details, stored in our mobile phones. Scammers can access this information through scams such as smishing. While most people are aware of phishing, people generally seem to be less skeptical receiving a smishing message. Scammers are continually becoming more creative in their efforts, while most people won’t fall for a “we need your bank account password” email, smishing seems somewhat less threatening. With a 90% open rate of all text messages, it is no surprise that many smish attempts are successful – criminals tend to go where the opportunities are greatest.
Smishing may lead the user to a fake website which will ask the user to complete a form with personal details, no credible business would ever ask you to do this – this is a massive warning sign to any user!
Banks generally won’t use text to contact their customers. If they do send texts find out what number they use to generate them so you will know if they are legitimate. The scammers may use spoofed alias numbers that look like they are from your bank, so you should still be skeptical and not reply directly.
Be wary of unsolicited text messages that claim to come from a reputable organisation. Be suspicious of text messages that encourage you to urgently visit a website or call a number to verify or update your details. Do not reply to text messages that request your personal information such as username or bank account without first independently validating that they are genuine. Never respond to text messages which request your 4 digit PIN or online banking password or any other password. Be cautious about clicking on any links that may be embedded or calling the number in a text message.