SMS Phishing: 5 Ways to Avoid SMiShing Attacks
When people think of phishing attacks, a few stock images come to mind: the malicious email, a screen-sized lock icon, and, of course, the long headache that follows. But like all exploits, phishing attacks continue to evolve in complexity and subtlety. Recent trends show a marked increase in "smishing" – SMS phishing – attacks, where hackers leverage text and SMS messages to gain sensitive user information.
Here's What Your Business Needs to Know About Preventing SMS Phishing Attacks:
Targeted Mobile Malware
Smishing has gained traction for a number of reasons. Unlike your inbox, incoming text messages on mobile devices are not subjected to traditional spam filters and authentication systems. Without this initial line of defense, malicious text messages can easily slip into your mobile phone. This effect is compounded by the fact that text messages often reflect a mix of business and personal correspondence. The familiar, often varied, threads in one's inbox can obscure otherwise suspicious information.
In 2020, smishing attacks increased 328%. Legitimate authorities used SMS messages to communicate about Covid-19 related contact tracing, vaccine options, lockdowns, etc. This prompted a wave of cybercriminals to replicate pandemic-related content and extort victims. A recent report found that 44% of Americans had seen "an increase in scam calls and text messages" since the start of 2020. Smishing is now the most common mobile-based phishing, followed by social media, email, and gaming-based attacks.
5 Ways to Prevent SMiShing Attacks
Given the volume of texts that mobile users receive per day, hackers exploit their target's dropped defenses to steal information. These attacks can take many forms, often disguised as urgent alerts that require an immediate response. Examples include personal information such as passwords, security updates, locked credit and debit cards, and compromised bank account information. All of these have appeared in past SMS phishing attacks, their success hinging upon knee jerk reactions. And in many cases, when users click a link on malicious SMS attachments, they are redirected to images, rather than websites. Unlike websites, which have a certain degree of built in defense, images are more difficult for monitoring systems to parse, leaving users vulnerable. Before clicking any SMS-based link, do the following:
Always check your message's sender – do you recognize the contact?
Remember that legitimate companies will not ask for personal information over text
Never click on hyperlinks that may appear in the message, or offer up sensitive information
If you are directed to a website, ensure that web filters are alerting you to potentially malicious content
Understand that smishing is not limited to texting – WhatsApp, Facebook, and Skype messengers are all potentially vulnerable
If you're looking to upgrade your email, mobile, or network security, our experts can help. Reach out for a free consultation today.
Editor's Note: This blog was originally published in 2017. It has been updated for accuracy.