SMS Phishing: 5 Ways to Avoid SMiShing Attacks

When people think of phishing attacks, a few stock images come to mind: the malicious email, a screen-sized lock icon, and, of course, the long headache that follows. But like all exploits, phishing attacks continue to evolve in complexity and subtlty. Recent trends show a marked increase in "smishing" – SMS phishing – attacks, where hackers leverage text and SMS messages to gain sensitive user information.

A Better Class of Malware

Smishing has gained traction for a number of reasons. Unlike your inbox, incoming text messages on mobile devices are not subjected to traditional spam filters and authentication systems. Without this initial line of defense, malicious text messages can easily slip into your mobile phone. This effect is compounded by the fact that text messages often reflect a mix of business and personal correspondence. The familiar, often varied, threads in one's inbox can obscure otherwise suspicious information. 

[IMAGE] Example of SMS Phishing Mobile Attack

Along those lines, there is also something to be said for user fatigue. Given the volume of texts that mobile users receive per day, hackers exploit their target's dropped defenses to steal information. These attacks can take many forms, often disguised as urgent alerts that require an immediate response. Examples include personal information such as passwords, security updates, locked credit and debit cards, and compromised bank account information. All of these have appeared in past SMS phishing attacks, their success hinging upon knee jerk reactions. And in many cases, when users click a link on malicious SMS attachments, they are redirected to images, rather than websites. Unlike websites, which have a certain degree of built in defense, images are more difficult for monitoring systems to parse, leaving users vulnerable.


So What Can You Do to Protect Yourself Against Smishing?

  • Always check your message's sender – do you recognize the contact? 

  • Remember that legitimate companies will not ask for personal information over text 

  • Never click on hyperlinks that may appear in the message, or offer up sensitive information 

  • If you are directed to a website, ensure that web filters are alerting you to potentially malicious content

  • Understand that smishing is not limited to texting – WhatsApp, Facebook, and Skype messengers are all potentially vulnerable 

If you're looking to upgrade your email, mobile, or network security, our experts can help. Reach out for a free consultation today. 

Request a Free IT Consultation

Related Content
6 Ways to Avoid Malicious Mobile Apps
[VIDEO] How to Spot Fake Email Senders