Smishing

Smishing is similar to phishing, except that it comes in a text message. A smishing text will often contain a fraudulent link that downloads malware onto the device.

Detection

  • The message offers quick money from winning prizes or collecting cash after entering information. Coupon code offerings are also popular.

  • Financial institutions and government agencies will never send a text asking for credentials or a money transfer.

  • A sender number with only a few digits probably came from an email address, a sign of spam.
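
The three indicators listed above, plus the link mentioned in the introduction, expressed as a simple triage check. This is an added example, not part of the original page; the keyword lists, the four-digit sender threshold, the verdict rule and the sample messages are assumptions constructed for illustration.

```python
import re

# Keyword lists and the digit threshold are assumptions made for this example.
LURE = re.compile(r"\b(won|winner|prize|cash|reward|coupon|free gift)\b", re.I)
SENSITIVE = re.compile(
    r"\b(password|passcode|pin|credentials?|card number|log ?in"
    r"|verify your account|transfer|wire)\b", re.I)
URL = re.compile(r"(https?://|www\.)\S+", re.I)
SHORT_SENDER_MAX_DIGITS = 4  # assumed meaning of "only a few digits"


def smishing_indicators(sender, body):
    """Return the names of the indicators that a text message matches."""
    hits = []
    if LURE.search(body):
        hits.append("prize_or_coupon_lure")
    if SENSITIVE.search(body):
        hits.append("asks_for_credentials_or_transfer")
    digits = re.sub(r"\D", "", sender)
    # Alphanumeric sender IDs contain no digits and are not judged by length.
    if digits and len(digits) <= SHORT_SENDER_MAX_DIGITS:
        hits.append("short_sender_number")
    if URL.search(body):
        hits.append("contains_link")
    return hits


def triage(sender, body):
    """Assumed verdict rule: two or more indicators is suspicious, one needs review."""
    count = len(smishing_indicators(sender, body))
    if count >= 2:
        return "suspicious"
    return "review" if count == 1 else "clean"


# Constructed sample messages (not real traffic).
SAMPLES = [
    ("2810", "You WON a $500 prize! Claim your cash at http://example.test/claim"),
    ("+15550100123", "Your bank: verify your account and confirm your PIN at www.example.test"),
    ("+15550100456", "Running late, see you at 7"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(triage(sender, body), smishing_indicators(sender, body), sender)
```

Keyword matching of this kind produces false positives and misses reworded lures, so it suits flagging messages for review rather than blocking them outright.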

Mitigation

  • Avoid responding to a phone number that you do not recognise.

  • Never send credit card numbers, ATM PINs, or banking information to someone via text message. The same applies on the phone, over email, …

  • If a text claims to be from a specific organisation or individual, contact that entity directly using known contact information, not the details provided in the text.

Prevention

  • Many smartphones and carriers now provide SMS filtering options to identify and block or flag suspicious texts.

  • Some security applications for mobile devices can help identify phishing links in text messages and prevent users from accessing malicious sites.

  • Even if attackers obtain some credentials through smishing, multifactor authentication provides an additional protective layer.

  • Do not store banking information on a mobile device.

  • Have two phone numbers, one for bureaucratic matters and one for personal and other use.

  • Telecoms offer numbers to report attacks. To protect other users, report a smishing text so that it can be investigated.

  • Be aware of current smishing tactics and threats. Awareness is the first line of defense.