Phishing is a technique used by cyber terrorists frequently use to fool users and grab their confidential data. Normally this is done by sending fraudulent attachments or suspicious links (otherwise known as Phishing Links) via email or some kind of message.
The word Phishing is very common nowadays, almost everyone knows about this inimical method of stealing digital identity and assets. Due to its existence for a long period of time, almost everyone using the internet has developed some kind of a defense mechanism against it and are very cautious while opening a link sent through an email. To cope with the changed scenario, the bad guys have also adapted and are trying various newer methods. “Smishing” is one of those methods which have really caught the eyes of a lot of general users as well as experts.
When smartphones become the primary platform for the spreading of phishing links, that’s smishing. In simple terms, when hackers use mobile text messages to lure people falling into a digital trap, we categorize that as Smishing. Mobile text messages are popularly known as SMS or Short Message Service. That’s how SMiShing gets its name, phishing done via SMS or mobile phones.
As phishing is around for a long time, people are aware of this malicious mode of cyber crime in general. Moreover, there are built-in spam filters in all of the prominent email service providers. So a large chunk of phishing emails are actually filtered out before they are even opened.
However, it’s not the same for Sms-phishing. As this is new, people are not that much aware yet, nor the filtering service for spam SMS is a prominent thing either. Many do not even take into consideration the fact that phishing through text messages is even a thing! In addition, everyone has a natural tendency to treat all text messages as innocuous and click any links or follow any instructions given there. As a result, smishing has a better success rate than phishing which is alarming.
Another fact why Smishing is more damaging is, for email addresses, there are almost an infinite number of possibilities. However, a local cell phone number has only digits and usually consists of a certain amount of them. For example, any US phone number is 10 digits. So anyone could type 10 digits frivolously and could end up with a valid phone number. So a hacker can simply send text messages to any number.
All these reasons combined make Smishing a very strong potential threat. A report by Gartner shows that as high as 98% of text messages are read and almost half of them get a response. When this is compared with 6% of total email responses, the scenario becomes clear.
Just like there are different types of email phishing scams, there are different types of smishing as well. The primary method for Smishing is definitely the text messaging system. But, nowadays text messages are often replaced by different instant messaging apps. To name a few, Facebook messenger, WhatApp, and Viber are there. More often than not, a cell phone number is tagged along with all these instant messengers accounts. So, it becomes easy for a scammer to scam those apps too.
Attackers also try to get into the victim’s mind in some specific ways. For instance, they might send a SMS saying the recipient has won a lottery and lure them to click a link.
In another case, people are always waiting for a delivery from the courier service, so the scammers use some renowned brand name like DHL or FedEx and try to scam general people.
Probably the most common Smising frauds happen in the means banking channel. If not all then most of the people who use online banking services have a mobile phone. As people do not suspect their mobile to be a source of a phishing scam, scammers try to get hold of secret credentials and banking information via this.
Such an incident happened with the customers of Bank of Ireland where as many as 300 customers fell victim of a Smishing scam and the bank had to compensate an amount around 800,000 Euros.
Staying safe from Smishing is more of a habit than overnight success. Ensuring safety from these kinds of scams largely depends on the specific person’s consciousness and ability to identify a possible scam and ignore as well as report the message.
Here are some tips to identify and avoid a potential smishing scam