1. What's smishing?
With the popularity of the Internet, cybercriminals today often conduct cyberattacks through text messages, because people tend to trust text messages more than emails.
Smishing is a scam where fraudsters use text messages on your phone to trick you into opening malicious links. The word is a combination of the words "SMS" and "phishing."
2. The principle of smishing
Cybercriminals use malware and malicious links to conduct cyberattacks with simple steps.
Hackers send a text message containing a malicious link to your mobile phone. At first glance, the message appears legitimate and may even contain the "correct" website URL. However, once you click the link, you are redirected to a fake website that prompts you for personal information, which hackers then use to defraud you or to profit.
3. Types of smishing
- Financial services scam
Financial services scams take advantage of the fact that almost everyone uses banks and credit cards to manage their finances. These scam messages pose as legitimate banking institutions and try to get you to divulge sensitive data such as phone numbers, addresses, emails, passwords, etc.
- Customer support scam
Customer support scams send text messages pretending to be from trusted companies. For example, the sender may pretend to be a legitimate customer service representative following up after a purchase to inform you that there is a problem with your account. They will then provide instructions on how to fix the problem, direct you to contact customer support numbers, and try to trick you into handing over your details.
- Download malicious apps
Attackers can use malicious links to download malicious apps on your mobile device automatically. These malicious apps can remotely control your device and deploy ransomware.
- Dating scam
Attackers use fake requests to get you to reveal sensitive information. For example, a message about an upcoming appointment may contain a link that directs you to a site that asks you for login information or other sensitive data to verify your license.
- COVID-19 scam
To take advantage of people affected by the coronavirus, hackers often disguise themselves as government or health agencies to convince you to review newly released information or apply for financial aid.
- Gift scam
People inevitably rejoice in unexpected gifts. However, attackers send messages advertising fake contest giveaways that you have supposedly won and try to get you to click on malicious links to claim your prize. Once you visit their site, malware can get onto your device, steal your private information, and compromise your system.
4. How to avoid smishing
- Never reply to suspicious text messages
The text message may come from a phone number that does not appear normal at first glance. If you see such a number accompanied by a suspicious message, do not reply, and delete the text immediately.
Carefully distinguish the number "1" from the letter "l" and the number "0" from the letter "O" in any number or link. Attackers rely on the tiniest differences going unnoticed.
- Avoid clicking suspicious links
Smishing texts are almost always paired with links to fake websites that can log your sensitive information. So if you come across a suspicious link, never click on it. Also keep an eye out for insecure sites.
- Be wary of urgent requests
Most phishing text messages contain urgent requests to intimidate recipients. But to be clear, any legitimate company will give customers adequate notice of pressing issues. It won't just send a simple text message and ask you to deal with it immediately. It is recommended to contact the official company directly to confirm the details.
- Prize Notification
The idea of winning a prize is exciting for anyone, but the chances of winning sweepstakes you haven't entered are meager. So if you receive a message about winning an award from an unfamiliar contest, avoid clicking on any attached links and delete the text.
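The "1" versus "l" and "0" versus "O" check described under "Never reply to suspicious text messages" can be automated for links. The following is an added example, not part of the original article: it extracts link hosts from a message and compares them with a list of trusted domains, and it goes slightly beyond the text by also flagging a trusted name that appears only as the front part of another domain. The domain `goodbank.example`, the sample messages and all function names are constructed for illustration.

```python
import re

# Constructed allow-list (assumption): domains the recipient really uses.
TRUSTED = {"goodbank.example"}

# Lookalike pairs named in the article: digit 1 vs letter l, digit 0 vs letter O.
FOLD = str.maketrans({"1": "l", "0": "o"})

# Optional scheme, then a dotted host whose last label starts with a letter.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z][a-z0-9-]+)", re.I)


def skeleton(name: str) -> str:
    """Lower-case the name and fold confusable characters to one form."""
    return name.lower().translate(FOLD)


def classify_host(host: str) -> str:
    """Classify a link host against the allow-list."""
    host = host.lower()
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    labels = host.split(".")
    verdict = "unknown"
    for trusted in sorted(TRUSTED):
        want = trusted.split(".")
        for i in range(len(labels) - len(want) + 1):
            window = labels[i:i + len(want)]
            if window == want:
                # The real name appears, but only as a prefix of another domain.
                verdict = f"{trusted} embedded in another domain"
            elif skeleton(".".join(window)) == skeleton(trusted):
                return f"lookalike of {trusted}"
    return verdict


def scan_sms(text: str) -> list:
    """Return (host, verdict) for each link host that is not trusted."""
    hosts = (m.group(1).lower() for m in HOST_RE.finditer(text))
    return [(h, v) for h in hosts if (v := classify_host(h)) != "trusted"]


# Constructed sample messages, not taken from real traffic.
SAMPLE_SMS = [
    "GoodBank: unusual sign-in, confirm at https://g00dbank.example/verify",
    "GoodBank: card locked, see http://goodbank.example.account-check.net/login",
    "GoodBank: your statement is ready at https://www.goodbank.example/inbox",
]

if __name__ == "__main__":
    for sms in SAMPLE_SMS:
        print(scan_sms(sms) or "no suspicious hosts", "<-", sms)
```

A verdict of "unknown" only means the host is not on the allow-list; the check says nothing about whether such a site is safe.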