What is Smishing?
Smishing is still phishing; it is just done from an SMS account (thus the name). Typically phishing is executed through telephone messages or email, but today with so many people using mobile devices for work, text messages are used to quickly communicate.
The smishing attack comes in the form of a text message, which is one of the most trusted forms of communication. People won’t hesitate to click on a link in a text message, making the smishing attack one of the most dangerous attacks out there.
Typically, the attack will come in the form of a vaguely worded message from an authority figure. This not only pulls the wool over the eyes of the recipient, it does so by using someone they fear or trust to facilitate action.
With many people keeping a lot of proprietary or sensitive data on their phones, if a hacker were to gain access to it, there is a lot of havoc it could wreak.
How to Spot a Smishing Message
Identifying a smishing message is a little more difficult because of the nature of a text message. You typically don’t get text messages from scammers if you’re lucky so any person could be fooled by this avenue of attack.
- If the sender of a text message isn’t familiar to you, do not open the message and make sure you don’t click on any included links.
- If you cannot verify the legitimacy of the message, do not release sensitive information. If you receive a text message from Twitter informing you of a problem with your account, access Twitter separately to confirm before you resolve it. Don’t click the link in the text to go to Twitter, open up the app or go to a web browser on a different device. The same applies for any account.
- If you get messages from people you don’t know, block the numbers. Better to be safe than sorry.
Security has to be at the forefront of every employee’s mind to keep unwanted malware and scammers off of your business’ network. To learn more about smishing, phishing and more avenues of cyberattack, return to our blog regularly.