Phishing--it’s a threat that tells a tantalizing lie to entrap its target, and one that you’ve likely heard of before. However, as technology has advanced, so have the opportunities that cybercriminals have to leverage phishing attempts. Smartphones, for instance, make it so that you must be aware and on the lookout for SMiShing scams.
SMiShing is the mobile version of phishing. Instead of catching the target with an email message, SMiShing attempts are sent via SMS, or text. Other than the method of introduction, there is little difference between SMiShing and the traditional phishing. For instance, both require the target to take the phisher (or, in the case of SMiShing, ‘smisher’) at their word and comply with any instructions.
Despite the general public learning to be more wary of cyber threats that come through the computer, there is still a lack of anticipation that these threats can also come in via cell phone. SMiShing is meant to use the disguise of a familiar contact to steal credentials and data, or delete it entirely.
A “smisher” will use any stolen credentials to access the user’s accounts and cause all sorts of chaos for them. For example, if you have any sensitive client information located on-site or stored in an online account, hackers can gain access to it with your credentials. Another way that a smisher might take advantage of you is by sending you a fake link via an SMS and request that you authenticate yourself or face a recurring fee. If this is the case, you should report the attempt to IT and give the smisher no response.
Spotting a SMiShing Scam
The first thing you should do if you receive a message that you suspect is part of a SMiShing attempt is to reach out to the supposed sender to confirm that it was legitimate. This should be done via some means other than text. Calling the contact or one of their representatives can help you to judge if the message is authentic or not without leaving yourself vulnerable to further threats.
It more or less boils down to leaving SMS messages from unknown senders alone. This is especially true of ‘5000’ numbers, which indicate that the message was originally an email sent as a text. Scammers have been known to use this tactic in their schemes.
Furthermore, messages with downloadable applications are another warning sign, as this is a common method of infecting a mobile device with malware. A good rule of thumb is to only download and utilize apps that come from your mobile device’s official marketplace, as those that don’t are very likely to turn out to be malware in disguise.
How To Protect Yourself
As mentioned above, if there is any doubt about the validity of a message, confirm its authenticity through an alternative line of communication. For added security, it helps to augment the practices we’ve outlined here with the use of a virtual private network, or VPN, safeguarding your mobile activity.
For help in securing your business devices and communications, call Sagacent at (408) 248-9800.