Smishing Scams


Understanding Smishing: Defending Yourself from the Threat

Smishing: funny word, serious threat. Smishing is a type of cyber-attack in which scammers use text messages on mobile phones to trick people into revealing sensitive information or clicking on malicious links. It's basically phishing carried out over "SMS," more commonly known as text messaging.

SMS phishing is a type of scam where people are tricked into sharing their sensitive information with someone pretending to be someone they trust. This can happen through text messages on mobile phones, and it may also involve malicious software or fake websites. It's not just limited to traditional text messages but can also occur on other messaging apps that use data for communication.

What is Smishing?

Smishing is a word made by combining “SMS” and “phishing.” It's a type of trick used by cybercriminals to steal personal information from people. When they 'phish,' they send fake emails to make someone click on a dangerous link. With smishing, they do the same thing, but using text messages instead of emails.

The goal of these cybercriminals is to steal your personal information, which they can then use to do bad things, like committing fraud or other cybercrimes. One common target is your money, and sometimes, they may also go after your company's money.

Cybercriminals usually use one of two ways to steal this information:

  1. Malware: The URL link in the smishing message could trick you into downloading harmful software known as malware. Once installed on your phone or computer, this malicious software might pretend to be a genuine app, tricking you into entering sensitive information that will then be shared with cybercriminals.
  2. Malicious website: If you click on the link provided in the smishing message, it may take you to a fake website that looks like a trustworthy one. This counterfeit website will ask you to provide personal information, which the cybercriminals can use for illicit purposes. These malicious sites are specifically designed to imitate legitimate ones, making it easier for them to steal your information.

Smishing text messages can pretend to be from your bank and ask for personal or financial details like your account or ATM number. Giving out this information is like giving thieves access to your bank account.

Since more people are using their personal smartphones for work, smishing is now a threat to both individuals and businesses. It's not surprising that smishing has become the top form of malicious text messages.

As mobile device usage increases, cybercrime targeting mobile devices is also on the rise. Texting is the most common use of smartphones, making smishing a dangerous security threat. Let's explore how smishing scams actually work.

How does Smishing work?

SMS phishing scams rely on deception and fraud. The scammers pretend to be someone you trust, making it more likely that you will believe them and do what they ask.

These scammers use social engineering tactics to manipulate their victims. There are three main reasons why their deception works:

  1. Trust: They pretend to be legitimate individuals or organizations, making it harder for you to doubt their intentions. Since SMS messages feel personal, you're less likely to be cautious about potential threats.
  2. Context: They create messages that seem relevant to you, making it appear like a genuine communication. This personalized approach makes it easier for them to avoid suspicion.
  3. Emotion: They play on your feelings, getting you emotionally charged. This can cloud your judgment, making you act quickly without critically thinking about the situation.

Scammers use certain techniques to craft messages that trick people into taking action. Typically, they want the recipient to click on a link in the message, which takes them to a fake website or app designed to steal their personal information.

The targets of these attacks are chosen based on their connection to a specific organization or location. It could be employees, customers, mobile network subscribers, university students or residents of a particular area.

The scammers pretend to be associated with the organization they are trying to target, but they can also use other disguises to steal personal or financial information.

To hide their true identity, attackers conceal their real phone number with a method called "spoofing" and use fake or disposable prepaid phones. They may also use email-to-text services to hide their phone numbers further.

Step by step, a scammer carries out the scam in a few key phases:

  • Distribution of the text message “bait” to targets.
  • Compromising the victim’s information via deception.
  • Execution of the desired theft using the victim’s compromised information.

When someone tries to trick you through smishing, they succeed when they use your personal information to carry out the scam they had planned. Their goal may involve various things, like stealing money from your bank account, using your identity to open fraudulent credit cards or disclosing sensitive data from a company.

How to prevent Smishing

The good news is that it's not too difficult to protect yourself from these attacks. To stay safe, all you must do is avoid taking any action when you receive suspicious messages. These attacks can only harm you if you fall for their tricks.

However, it's important to remember that legitimate retailers and institutions might still send you text messages. So, not all messages should be ignored, but you should be cautious and act safely no matter what.

To keep yourself protected, here are a few things to remember:

  • Do not respond. A message asking you to reply, such as texting “STOP” to unsubscribe, might not be genuine and could be a tactic scammers use to find active phone numbers. These scammers rely on your curiosity or anxiety about the situation, but you have the power to avoid getting involved by ignoring such messages.
  • Slow down if a message is urgent. If you receive urgent requests to update your account or offers that are only available for a short time, be careful as they could be signs of smishing. Stay skeptical and proceed with caution.
  • Call your bank or merchant directly if doubtful. Trustworthy organizations will never ask you to update your account information or provide login details through text messages. If you receive any urgent messages, it's best to double-check by logging into your online accounts or calling the official phone helpline provided by the organization.
  • Avoid using any links or contact info in the message. Try not to click on or use any links or contact information in messages that make you feel uneasy or uncomfortable. Instead, always use official and direct contact channels whenever possible.
  • Check the phone number. Unusual phone numbers, like those with only four digits, might indicate the use of email-to-text services. This is one of several tactics scammers may employ to hide their real phone number.
  • Opt to never keep credit card numbers on your phone. To prevent financial information from getting stolen from a digital wallet, the safest approach is not to store it there at all.
  • Use multi-factor authentication (MFA). If a scammer steals your password through text messages, it may not be enough to get into your account if the account has an extra layer of protection called two-factor authentication (2FA). 2FA can be as simple as receiving a verification code via text, or more secure by using an app like Google Authenticator.
  • Never provide a password or account recovery code via text. Passwords and text message 2FA codes in the wrong hands put your account at risk. Never share them, and only enter them on official sites.
  • REPORT all SMS phishing attempts to designated authorities.


What to do if you have fallen for Smishing

Smishing attacks are cleverly deceptive and might have already targeted you, so it's crucial to be prepared with a recovery strategy.

Follow these essential steps to minimize the impact of a successful smishing attempt:

  1. Report the suspected attack to any institutions that could assist.
  2. Freeze your credit to prevent any future or ongoing identity fraud.
  3. Change all your passwords and account PINs where possible.
  4. Monitor your finances, credit and online accounts for strange login locations and other unusual activity.

Each of these actions is important to keep you safe after a smishing attack. When you report an attack, it not only helps you get back on track but also prevents others from becoming victims too.

How to report Smishing text messages

If you get an unwanted text message, there are three ways to report it:

Vision Bank prioritizes the safety and security of all customers. Through proactive initiatives and dedicated resources, we remain steadfast in educating individuals about the dangers of financial scams. Empowering our community with knowledge enables us to build a resilient defense, ensuring a safer digital banking experience for all. Together, we build a shield against financial scams and forge a path towards a secure future.