What is Smishing? - Xlingshot

Smishing: What is it and How To Avoid Being a Victim?

What is Smishing?

Smishing is a type of phishing attack that, instead of arriving by email as phishing attacks generally do, comes via text (SMS) message.

Smishing attempts are the fastest-growing type of phishing attacks because they are easy for hackers to carry out and their success rates are relatively high. According to Verizon’s 2020 Mobile Security Index, smishing attacks have gone up by more than 600% in the past year. This trend is projected to continue, especially as we move into the holiday season.

Experts believe that the reason for smishing’s high success rate is that most people are less wary of attacks that arrive by text message than of attacks that arrive by email. People are less likely to think that a text message from an unknown sender is a scam than an email from an unknown sender.

Typically, a smishing attack works like this: a text message arrives under false pretenses, such as “your FedEx delivery is delayed, click here for updates,” and includes a link. The link takes you to a page where you are asked for personal information and/or login information.

Smishing Examples

Here are some actual smishing examples…

  1. The banking angle:

FRM:USBANK

SUBJ: USBANK Unusual Activity!

MSG: Acc Frozen

TO UNLOCK GO =  http://fakelinkhere.site?USBANK

ID: EDGWGNDJSISJDKDNKWLSNFIFHDNDKSDICHSGFNASJKSINM

This approach is especially dangerous because, when it works, the hacker gets your bank account login information.

  2. The credit card vague-but-urgent message approach:

FRM:AMEX@Message

SUBJ:Card Alert

MSG:Card Alert; Card Alert

http://www.fake.americanexpress-message.com

Just like with the banking threat, this one could give hackers access to your available credit, which is not ideal.

  3. The “you won something” approach:

Congrats Kelli! Your code

L6R-K8V8 printed on your 

Last receipt is among 7 we

Randomly picked for $1000

Walmart gift card promotion

https://fake.website.here.net

This one is too enticing, isn’t it? If it’s too enticing, it’s probably fake.

  4. The fake Apple Support message:

Apple Support

Unusual Activity in your

Apple-ID. Update your

Account to protect your

Personal information.

https://fake.website.here.net

If you think there is anything wrong with your Apple account, just log in directly through Apple; there is no need to click on a link from a text message.

  5. Another too-good-to-be-true enticement: the paid survey:

Amazon 2020 resolutions:

1) Not to be too greedy 2) care

More about the customers. 

So, you’ll get $130 freebie 

for a survey, http://fakelink.amazon.net

This one seems so weird and funny but has, apparently, worked!
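The samples above share two checkable traits: lure wording, and a brand name in the text paired with a link that is not on that brand's own domain. The following triage heuristic is an added example, not part of the original article; the brand-to-domain table, the lure list and the last two sample messages are illustrative assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: illustrative brand keyword -> official domain table.
BRANDS = {"usbank": "usbank.com", "amex": "americanexpress.com",
          "walmart": "walmart.com", "apple": "apple.com",
          "amazon": "amazon.com"}
# Lure wording taken from the sample messages in this article.
LURES = ("frozen", "unusual activity", "card alert", "gift card", "freebie")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Sample texts rebuilt from the article, plus two constructed ones.
SAMPLES = [
    "FRM:USBANK SUBJ: USBANK Unusual Activity! MSG: Acc Frozen "
    "TO UNLOCK GO = http://fakelinkhere.site?USBANK",
    "FRM:AMEX@Message SUBJ:Card Alert MSG:Card Alert; Card Alert "
    "http://www.fake.americanexpress-message.com",
    "Amazon refund waiting: https://amazon.com.account-check.example/login",
    "Your Amazon order has shipped: https://www.amazon.com/orders",
]


def on_domain(host, official):
    """True only for the official domain or a genuine subdomain of it."""
    return host == official or host.endswith("." + official)


def triage(message):
    """Return the reasons an SMS text looks like smishing (empty if none)."""
    text = message.lower()
    reasons = [f"lure wording: {w!r}" for w in LURES if w in text]
    claimed = [b for b in BRANDS if b in text]
    for url in URL_RE.findall(message):
        parts = urlsplit(url.rstrip(".,;)"))
        host = (parts.hostname or "").lower()
        if parts.scheme.lower() == "http":
            reasons.append(f"unencrypted link: {host}")
        for brand in claimed:
            if not on_domain(host, BRANDS[brand]):
                reasons.append(f"names {brand} but links to {host}")
    return reasons


if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage(sms) or "no indicators", "<-", sms[:40])
```

Legitimate senders also use link shorteners and secondary domains, so a hit is a reason to verify through the brand's own app or website, not proof of fraud.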

 

Where to report smishing

If you think you have received a smishing message, you can file a complaint at no charge with the Federal Communications Commission (FCC) on their website. You can also contact local law enforcement to report scams.

How to Protect Your Company from Smishing and Phishing

Security Awareness Training is the best way to protect yourself and your organization from smishing, phishing, and other types of cybercrime. When employees know to simply delete suspicious messages and resist the temptation to respond, they will be protecting themselves better and more effectively than any other preventive action that they can take. 

Looking for additional Security Awareness Training?

At Xlingshot, we work with our clients to ensure that their networks are locked down and their staff is thoroughly trained on the latest in Security Awareness. We will take care of the training so that you are free to do what you do best: run your organization.

Our comprehensive Security Awareness Training includes baseline risk assessment and complete training on the mechanisms of spam, phishing, spear-phishing, malware, and social engineering. Included in the program are multiple refresher trainings and post-training phishing simulations with custom landing pages. Staffers who open the automated phishing emails are automatically enrolled in additional training until they no longer fail the simulations.

Our approach to delivering the best possible IT service and Security Awareness Training is centered on you. For a free consultation, please contact us today.

We know what it’s like to run a business and we know your time is valuable. We can:

  • learn about your business
  • give you some ideas on what improvements you can make right away
  • provide free advice on your approach to IT security and other IT solutions