Social engineering and phishing attacks have been dominating the cybersecurity landscape for a long time. Virtually everyone knows that people are the greatest weakness when it comes to cybersecurity, and social engineering training and testing are becoming more and more commonplace. But just as everyone has become familiar with phishing, a new type of cyber attack has appeared: smishing.
What is Smishing?
Smishing is a phishing-type attack in which the hacker uses SMS messages to extract sensitive information from the victim. This sensitive information can include details of bank accounts and credit cards, as well as login and password information for various websites and apps. Text messages can also be used to send links to malicious websites posing as legitimate websites.
What is the goal of smishing attacks?
The main goal of smishing attacks is the same as the goal of other attacks carried out by cybercriminals – financial gain. Hackers may be looking to steal your credit card information to use it themselves or to sell your personal data, account information, etc. on the dark web. Cybercriminals may also demand a ransom from you after getting a hold of important information.
What does a smishing attack look like?
Most smishing attacks are quite similar to each other, but despite their similarities, most people have trouble identifying them. This is because smishing attacks are designed to take advantage of a person’s fear response and get them to act quickly without stopping to think about the possible dangers. For example, a hacker may send a text message that claims to be from your bank and says your account has been blocked. The same message will contain a link that you supposedly have to press to recover access to your account. Many people will become alarmed, click on the link and enter their bank login details before realizing that the message may be fake. Smishing attacks also use messages that look like they are coming from Apple Support, insurance companies, government agencies, etc.
How to recognize a smishing attack?
The key to recognizing a smishing attack before the attacker can do any damage to you is staying alert. When you get a text message, you should first examine the number it’s coming from and the text of the message. If the text is unsolicited and you don’t know the number it’s coming from, you should not take any action or click on any links in the message. Instead, contact the company the message is supposedly coming from directly and find out if they really sent it. You can also try googling the number, the sender name or even the text of the message to see if there are any scam reports associated with it.
How to prevent a smishing attack?
To avoid becoming a victim of a smishing attack, you should never click on links in text messages. The only exceptions are situations when you’ve spoken in person to the person who sent you the text and confirmed that the link is legitimate. Additionally, you should avoid entering your information on websites if their address starts with http rather than https. Here are some more tips on preventing smishing attacks:
- Be extra suspicious of messages that ask you to take urgent action.
- Don’t reply to messages that ask for private information or account details.
- If you don’t know the sender of the message, don’t call the phone number in the text.
- If the message seems to be coming from your bank, insurance company, cell phone provider or another business, call them back using the number on their website, the number in your insurance or banking documents, etc.
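The warning signs listed above can also be checked mechanically, for example in a help desk triage script. The following is an added example, not part of the original article; the function name, flag names and keyword lists are assumptions chosen for illustration, and the sample messages are constructed.

```python
import re

# Constructed keyword lists for illustration; assumptions, not a vetted set.
URGENCY = re.compile(r"\b(urgent|immediately|blocked|suspended|locked|act now)\b", re.I)
PRIVATE = re.compile(r"\b(password|pin|card number|cvv|account details|login details)\b", re.I)
URL = re.compile(r"(?:https?://|www\.)\S+", re.I)
PHONE = re.compile(r"\+?\d[\d\s().-]{7,}\d")


def triage_sms(sender, text, known_senders):
    """Return the warning signs from the article's checklist that apply."""
    flags = []
    unknown = sender not in known_senders
    if unknown:
        flags.append("unknown_sender")
    # Strip trailing punctuation so "…/verify." is read as "…/verify".
    urls = [u.rstrip(".,;:!?)") for u in URL.findall(text)]
    if urls:
        flags.append("contains_link")
    if any(u.lower().startswith("http://") for u in urls):
        flags.append("link_not_https")
    body = URL.sub(" ", text)  # ignore words and digits that sit inside URLs
    if URGENCY.search(body):
        flags.append("urgent_action")
    if PRIVATE.search(body):
        flags.append("asks_private_info")
    if unknown and PHONE.search(body):
        flags.append("callback_number")  # do not call numbers given by unknown senders
    return flags


# Constructed sample messages (not real traffic).
KNOWN = {"Alice"}
SAMPLES = [
    ("+15550100", "Your bank account has been blocked. Confirm your password "
                  "immediately at http://bank-login.example/verify."),
    ("+15550101", "Call 555-010-0199 now about your insurance claim."),
    ("Alice", "Running late, see you at 7"),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(sender, triage_sms(sender, text, KNOWN))
```

An empty result only means none of these signs were found; confirming with the company through a number from its website or your documents still applies.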