What Is Smishing And How Do You Guard Against It?

by William Kenny

‘Smishing’ refers to attempts to get people to visit phishing websites by sending SMS text messages to their phones. It is a fraudulent practice that is rapidly increasing. Even people who are aware of the threat of phishing have been fooled by smishing messages.

Phishing is cyber fraud where crooks set up websites that mimic legitimate ones. Thinking they are on a legitimate website, unsuspecting visitors enter their user ID and password on the fake site, thereby allowing the crooks to use those credentials on the legitimate website. 

In the past, the most common way criminals got people to visit phishing websites was by sending them email messages. Now, criminals are using text messages instead of emails. People tend to be more trusting of text messages. They tend to believe that the source of the message is genuine, assuming that only a legitimate sender would actually have their cellphone number. They are unaware of how easy it is for criminal organizations to send bulk text messages to randomly generated cellphone numbers.

Both smishing and phishing frauds rely for their success on getting people to enter confidential information into fake websites. In many cases, the criminals are only interested in getting login details, so they can use them fraudulently on genuine websites. However, fake websites have also been used to get other confidential information, such as Social Security numbers and credit card details. Criminals can use the information to execute identity theft fraud.

What kind of text messages are sent?

Text messages could be about anything. Since the fraudsters want you to visit the link in the text message, there is often some kind of incentive or threat to make you want to do so. Incentives include promises of great rewards, provided you act quickly. Text messages may also carry some kind of threat or warning, such as a claim that your account has been compromised, or that you need to respond within a given time frame to keep your account active.

Guarding against smishing attempts

You cannot stop smishing messages being delivered to your phone. Provided you do not respond to them, and do not follow any link included, these messages cannot harm you. Simply delete them.

If you are a business owner, make sure all your employees are aware of the problem of smishing. Make it company policy that any smishing messages received on company-owned devices are reported to management.

Be aware that legitimate businesses, like banks and payment gateways, NEVER send text messages asking you to reveal confidential information. You should always be suspicious of any texts you receive asking for information, or messages that urge you to take action immediately. If you have any doubts about the legitimacy of a text message, you should contact the business using its published support telephone numbers (do not call any number given in the text message). Do not follow any link given in these messages.

Learn how embedded HTML links work, and find out how to see the address to which the link is pointing. Learn how domain names are constructed, so that you can see the true address of a website, and learn how to identify faked websites. 
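
As an added illustration of reading a link's true address (example code, not part of the original article), the Python sketch below pulls each link out of a text message and reports the host it really points to and the domain that was actually registered. The name mybank.example, the sample messages, and the two-entry suffix set standing in for the full Public Suffix List are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: tiny stand-in for the Public Suffix List, enough for these samples.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
IP_RE = re.compile(r"[0-9.]+")

def registrable_domain(host):
    """Return the part of the host name that someone actually registered."""
    if IP_RE.fullmatch(host):
        return host  # an IP address has no domain to extract
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def inspect_link(url, expected_domain):
    """Report where a link really points and why it may be deceptive."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)
    reasons = []
    if parts.username is not None:
        reasons.append("text before '@' is not the site; the real host follows it")
    if IP_RE.fullmatch(host):
        reasons.append("host is a raw IP address, not a name")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label may render as look-alike characters")
    if domain != expected_domain:
        if expected_domain in url.lower():
            reasons.append("expected name appears in the link, but not as its domain")
        reasons.append(f"registrable domain is {domain}, not {expected_domain}")
    return {"host": host, "domain": domain, "reasons": reasons}

def inspect_message(text, expected_domain):
    return [inspect_link(u.rstrip(".,)"), expected_domain) for u in URL_RE.findall(text)]

# Constructed sample messages; all names and addresses are placeholders.
SAMPLES = [
    "Account locked. Verify at https://mybank.example.secure-login.example.net/verify now.",
    "Claim your reward: http://mybank.example@203.0.113.7/claim",
    "Statement ready: https://www.mybank.example/statements",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        for result in inspect_message(sms, "mybank.example"):
            print(result["host"], "->", result["domain"], result["reasons"] or "matches")
```

The domain is read from the right-hand end of the host name, so a familiar name at the left of a long address, or before an '@' sign, says nothing about who controls the site.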

Cyber crime is growing at an astonishing rate, so it pays to be on your guard at all times. If something does not look right, the chances are that you are a candidate for an attempted fraud. Treat all unexpected messages with suspicion, and exercise due diligence before taking any action in response.