Have you been receiving texts from political candidates, manufacturers, insurance companies, fundraising campaigns, or any other strange messages? If so, you’re probably scratching your head wondering how they got your phone number because you know for a fact that you have never sent them texts before. There’s a simple explanation for those unexplained texts. It’s called “smishing”, and it has become extremely common. Not only is it annoying, but worse, it can be troubling.
What is smishing? How can you identify smishing attempts? What can you do to protect yourself from them? To find the answers to these questions, keep on reading.
What is Smishing?
To understand what smishing is, you first need to understand what phishing is. Phishing is a type of cybercrime in which an attacker sends emails to their targets. The emails appear as if they’re from credible sources and lure the targeted individual into providing sensitive data (they’re name, credit card info, passwords, etc.), visiting malicious sites, or clicking on links that infect devices with viruses. The attacker then uses the information that they collected to access the victim’s personal accounts. These attacks can have serious repercussions, as they can result in financial losses and identity theft.
Smishing is type of phishing, but rather than email, criminals attack smartphones via SMS (short message service) messages, better known as text messages. The term “smishing” was derived by combining the terms “SMS” and “phishing”.
How Smishing Works
Smishing messages are text messages that are sent with ill intent. Just like phishing emails, smishing messages attempt to trick victims into providing sensitive personal information. In order to encourage their targets to interact with the attacks, hackers have several tricks up their sleeves. They use social engineering, a form of manipulation that aims to make the smishing messages more enticing, thus sparking the victim’s curiosity and increasing the likelihood that they will willingly give up their personal and confidential information; social security numbers, passwords, banking details, etc.
Cybercriminals know that simply sending out text messages that ask their targets to hand over their bank account numbers probably isn’t going to work, which is why they use social engineering tactics. These tactics aim to gain the victim’s trust, increasing the likelihood that they will share their sensitive information.
How to Protect Yourself from Smishing Attacks
You don’t have to fall victim to the tricks that cybercriminals use to try to acquire your personal information. By being aware and knowing what to look for, you can avoid interacting with malicious SMS messages that you may receive. Here’s a look at some examples of smishing messages that you’re definitely going to want to steer clear of:
- Links or downloadable files that you aren’t expecting
- Urgent pleas for help from organizations that seem credible
- Messages that congratulate you for winning contests you’ve never entered
- Messages from financial institutions or brands you use or you’re familiar with
- Urgent messages that urge you to verify your personal details via an automated phone number or a link
While it’s true that you could receive SMS messages that contain any of the above signs that aren’t nefarious, it’s always better to be safe than sorry. Also remember that it’s highly unlikely that your bank or a brand you’ve purchased something from is going to send you a text if an urgent situation arises; rather, they’ll call you directly and will provide ample proof to verify the legitimacy of their identity and their purpose for contacting you.