Types of phishing attacks are named and defined by the vehicle the attack uses to gain your information. If you’ve ever received a text message saying there was some kind of problem (like with your “recent delivery” or your PayPal account or your Amazon account) with instructions for you to click on a link to resolve the issue, you have likely been the target of SMiShing.
While all use social engineering tactics such as inducing fear, cybercriminals use specific phishing attacks such as smishing to target those who may not be as susceptible to other tactics.
- Smishing is one of the easiest ways for hackers to steal user data because the user is literally handing the hacker all their information.
- Smishing attacks can steal user information using fake two-factor authentication (2FA) messages.
- Fake numbers used by hackers are often local numbers. Hackers can pretend to be texting you from your same area code, giving them a layer of authenticity that devices many people.
- Even “secure” messaging apps like WhatsApp and Signal can be used to spread malware and phishing links as well as business suite apps like 8×8.
Here’s how smishing works: A hacker sends you an SMS (i.e. text message) asking you to click on a link. There is often a sense of urgency to the request which naturally makes one more eager to complete the request. If you click on the link in the message, you’ll be redirected to a fake website asking you to provide your information onto a phishing form — a fake web form that’s controlled by hackers but looks identical to a web form you’re familiar with (like a PayPal login page or an Amazon login page) — or the website will try to download malicious software onto your device that will be able to track everything you do.
The hacker is trying to get your sensitive information via a text message (i.e. SMS) or steal money from you directly. They will urge you to provide personal information — a social security number, a credit card number, or health insurance information — claiming that you must give your information or something bad will happen (like your electricity will be shut off, your credit card will be blocked, or your online account will be terminated).
Types of SMiShing Attacks:
- Fake messages from trusted brands.
- Urgent message -these might appear to be from a bank or a local government office.
- Fake survey link with an incentive, such as a gift card or cash.
- Impersonation of colleague or trusted friend in need of money, and asking for donation or gift card.
How to Protect Yourself from Smishing Attacks
You can report spam and smishing texts. Every major mobile carrier in the US has banded together to create a fraud text reporting service. This service is easy to use — just forward any suspicious messages to the number 7726 (SPAM). This helps to build up a shared database between mobile providers which can be used to block and even prosecute smishers and hackers.
In general, do not click on any link sent via text message if it asks for your personal information, like bank details or social security number. If the message contains a link and an urgent call-to-action, it’s probably a smishing message. If the message comes from an unknown number, don’t respond.