We’ve been bombarded all year long with news of major ransomware attacks like WannaCry and NotPetya, phishing scams like the one that hit Google and data breaches that affected large corporations (ahem, Equifax). Most people think vulnerability to such attacks lies in their laptop or desktop computers, but there’s a new type of scam going around. Its endpoint? Your mobile device.
What is a SMiShing scam?
A SMiShing scam is essentially the same as an email phishing scam, except it is conducted via SMS—the technology underlying a typical text message. This type of scam aims to deliver an authentic-looking message that appears to come from your bank, your internet service provider or even your favorite store. The intent? To defraud you by stealing your identity, your bank account details or your sensitive company information.
These scams have been around since as early as 2008, which makes SMiShing an established phenomenon. However, rising awareness and education have prompted people to be much more suspicious of email, while large providers like Google and Yahoo have become better at shutting down email-based phishing attempts. This led cybercriminals to home in on text message scams and cause a SMiShing renaissance by exploiting the fact that users tend to be more trusting of text messages than of emails. What’s more, SMiShing scams are not limited to simple texts—they’re popping up on different types of messaging apps as well.
How to avoid SMiShing
As is the case with any digital threat, there is no way to completely block SMiShing messages. However, we can take steps as users to minimize the risk of falling prey to these scams, including the following:
- Use different passwords for everything from your social media profiles to your bank accounts. If that seems overwhelming, use a password manager to help you securely keep track of everything.
- Watch out for text messages from suspicious numbers. Scammers often use email-to-text programs that list the origin of a message in a non-phone-number format such as “5000.”
- Because most scammers use online programs, consider blocking texts that come from the internet; many cell providers allow you to do this.
- Remember that banks or other financial institutions will almost never text you with requests for personal information. If they do, be sure to find out what number these inquiries should be coming from, or call to verify whether a message is legitimate.
SMiShing is just one indicator that threats from cybercriminals will only expand into new areas. With this in mind, the best line of defense for any business is to educate users on what risks look like, as proactive prevention is the most effective method of avoiding ransomware and phishing scams. In addition to literature (like this article), there are also vendors and training programs available to help businesses ensure their users are always acting smart, whether they’re on their computers or their mobile devices. MyITpros partners with some of the best in the industry—contact us for more information!