Don’t Get Hooked by Smishers!
Most of you (I hope) are aware of the security risks involved with clicking on links in emails. Phishing is a common form of fraud in which a hacker tries to retrieve confidential information such as login credentials, personal identification, or even credit card information via email. Typically, a “phisher” will send an email that looks almost identical to one you could receive from a well-known website (i.e. LinkedIn, Facebook, etc.) asking you to reset your password or for other personal account information. Doing so, of course, gives the attacker your password.
But, as phishing has gained notoriety, potential victims have slowly become aware of the tactic and started to avoid these emails entirely. Phishers are catching less of us, so, they’ve decided to start “smishing” us!
What is Smishing?
The name is short for SMS phishing. SMiShing is a form of phishing that involves tricking you into giving private information via a text message. Naturally, most people tend to trust text messages especially ones that contain a brief message that sparks your interest. A smisher can be looking for a range of things from a password, your Social Security Number, to your credit card number.
How will I know if I’m being Smished?
Just as with email, mobile requests for personal information or immediate action are almost always scams. These text messages usually come from “phishy” numbers like (888)-000-000, or 555-55. When in doubt, don’t respond.
I’ve personally received text messages that say something like:
“Look! Your friend posted a new photo of you at ‘http://insertURLhere.com’! Check it out now before it’s removed.”
“We’re confirming you’ve signed up for Service X. You will be charged $X/day unless you cancel this service on our website: www.insertURLhere.com”
“Dear Shopper, Congratulations! You have won a $1000 gift card. Click here to claim your reward!”
Like most forms of social engineering, SMiSHing works because people are naturally curious. “What photo? they wonder, or “Why am I being charged for a service I’ve never heard of?”. I mean really, who wouldn’t want to receive $1000 gift card to their favorite store?! Usually these attackers offer you the very kinds of things you are looking for, which, ironically, is a huge red flag.
Be smart. NEVER click those links! Don’t get smished.