The phishing epidemic (as if we weren’t all sick of epidemics at this point eh?) has made malicious emails extremely commonplace in our inboxes. Every day, you can open your email and expect to see messages from cybercriminals that attempt to trick you into handing over sensitive information, and at the moment, the relevant government authorities worldwide are doing very little to prevent it.
Admittedly the level of spam protection one receives does seem to vary based on your email provider, with GMail currently cited as offering some of the best protection out there for users, this is mainly because with one and a half billion users the pool of data they have available to algorithmically determine spammers is staggeringly huge.
However, despite these improved levels of protection from webmail hosts the sheer volume and increasing sophistication of their spamming techniques means something will inevitably slip through the net and land in your inbox looking ‘authentic’ And now, just when we’re starting to become good at spotting malicious emails, the cybercriminals are moving onto a new technique. Now, it’s something called ‘smishing’ that we need to be able to identify and avoid. Smishing is the fraudulent practise of sending text messages, rather than emails, to dupe innocent victims into handing over personal information.
In this post, we’ll take a closer look at what smishing is and the steps you can take to avoid it.
What is smishing?
Smishing, a term that combines SMS with phishing, is when criminals use nefarious text messages, sent straight to your smartphone, to trick you into responding with information that they can use to defraud you.
As an example of a smishing incident, the South African online loan provider Wonga have granted permission for live examples of what smishing can look like to be shared to help raise awareness.
This phone screenshot shows an actually text message purporting to be from the Wonga lender offering the person loans worth millions of Rands. When victims replied to the text message with sensitive personal information, efforts were made to defraud them.
How can you protect yourself from smishing?
Although smishing attacks can be unnerving and convincing, there are simple steps you can take to protect yourself. The easiest way to protect yourself is not to respond to unsolicited text messages under any circumstances. Smishing attacks only work if you take the bait.
In the Wonga example the first red flag should be if you’ve never dealt with the brand before as a customer. While Wonga’s image was defrauded as the ‘face’ of the scam the scammers did not actually have access to Wonga’s customer information (which is well protected on their side).
This meant that for the vast majority of people receiving this scam message, they weren’t previous customers of the online lender. A good rule of thumb to keep you safe is any ‘cold’ message i.e. from a brand you have never dealt with before, is generally not to be trusted and you should be extremely cautious.Here are a few other tips to help you protect yourself from these unwelcome attacks:
- Regard any coupon redemptions, offers, deals or security alerts that you receive via text message as a smishing attempt and delete them immediately.
- Never respond to any text message or click on any links contained in a text message purporting to be from your bank or a financial services provider. No genuine financial firm will ever ask you to provide sensitive information relating to your account, password or anything else via text. If you do think it could be a genuine message, always call your bank directly.
- Never store credit card numbers or banking information on your mobile phone. One strategy scammers use is to try to install malware onto their victims’ phones through malicious links contained in text messages. That can give them access to card details or banking information that is stored on your phone.
- Recognise the telltale signs of a smishing scam. Common smishing messages include:
- Retailers offering you vouchers or gift cards
- Banks informing you that there is a problem with your account, such as irregular activity or a lack of funds
- Technology providers such as Google or Apple asking you to verify an account
- Delivery companies notifying you of a missed delivery
- HMRC informing you that you are due a tax refund
- Always take the time to think about whether the sender would really contact you via text and consider your actions carefully before you respond to a text message.
- Report any suspected smishing messages to your mobile phone provider for free by forwarding them to 7726 or 87726 if you’re a Vodafone customer. You should also report the scam to your regional anti-fraud body such as Action Fraud in the UK or in Wonga’s case the South African Fraud Prevention Service.
Stay safe out there!