Smishing is when fraudsters use SMS phone messaging to impersonate a trusted organisation in an attempt to steal your personal information or install some malware software onto your device. Typically, they trick the end user to click a link within the text message in order to gain your personal information, login details, credit card or bank details.
Here are some examples of Smishing to be aware of:
Smishing is when fraudsters use SMS phone messaging to impersonate a trusted organisation in an attempt to steal your personal information or install some malware software onto your device. Typically, they trick the end user to click a link within the text message in order to gain your personal information, login details, credit card or bank details.
Here are some examples of Smishing to be aware of:
People tend to trust text messages they receive from companies they know or their bank. You automatically think that if a company knows your mobile number it must be legitimate, right? That’s why smishing has become a more popular way for criminals to target people. They can even appear in the same feed as previous SMS messages you’ve received. How it works though, is that fraudsters use randomly generated phone numbers that they try repeatedly until they get a hit. According to research, we read 98% of text messages and respond to 45% therefore likelihood of a breakthrough is much higher than it is with, say, email. So, for them it really is a numbers game!
Smishing texts are also a way of getting malware onto a device. This often comes in the form of a link the user is asked to click on. Once you click the link it auto downloads malware onto your device without you knowing. Also, what also happens is that you’re referred to a login page and this is where fraudsters capture personal information about you that they can then go on to use to commit identity theft.
Fraudsters look to create interest via special offers or by saying you’ve won a prize. They might also claim you’re in some kind of financial or legal trouble in order to scare you. These are all ways of getting your attention and making you part with information about yourself that can then be used to the fraudster’s advantage.
Most of us will have received a fake delivery scam (one of these examples for Evri is above). These claim that you’ve been sent a package from a well-known courier like Amazon, UPS etc. and will include a tracking link that seems perfectly legit. Unless you know for sure you’re not expecting anything, it can be difficult to spot this text trap. Be on the look out for these as well as ones claiming energy support payments from the Government. This is now a new and very popular method of attack (see the image above). If in doubt, go directly to the webpage of the company in question and contact them directly – never through the number given to you in the text. Whatever the type of message you receive, stop and think before you click or call.
So, how do I Protect Myself from Smishing Attacks?
You’re only at risk if you click on any of the links given in the text. Receiving the text will not infect your device. But how do you spot or avoid them?
Here are some key tips for avoiding smishing attacks:
Don’t be fooled by the sense of urgency
Take a breath and think. Is this really likely to be true? Think first, then act. But never click on a link or call directly from the message. If a message is telling you to do something urgently, this is a good sign it is a scam.
Beware of unknown senders
Do you know the company sending you this text? Have you ever had dealings with them before? If not, then you should ignore it. Don’t even respond with a ‘stop’. Instead, you should block the number.
Stay away from links
This is a sure-fire way for hackers to get onto your device so avoid at all costs.
If it looks legit, double check.
The most difficult smishing texts to spot are those that look as though they’ve come from a company you know. However, you should always contact the company via their website or by calling them but NEVER by calling the number given in the text or clicking through to what seems to be the website address given in the text itself. If in doubt, check it out.