What is smishing?

What is smishing?

Communicating with each other through texting and messaging apps has become a norm due to the increased usage of mobile devices. It’s even become more common to send someone a message rather then give them a call. However, this alternative form of communication has provided a new platform to be targeted by hackers through smishing attacks. But what is smishing and how can you protect yourself from dodgy texts? Here’s what you need to know.

What is smishing?

Smishing stands for ‘SMS phishing’. Just like email phishing, SMS phishing is an attempt at a security attack in which the phone user is tricked into either downloading a virus or malware onto their mobile device or into giving their personal data over. And while email security features have made it more difficult for phishing emails to reach your mailbox, it is more difficult to distinguish between a genuine and a fake text message.

SMS tend to elicit greater response and urgency than emails. People also seem to trust more texts rather than emails, because it’s more difficult to get hold of one’s mobile number rather then their email address.

How does it work? 

Smishing is usually carried away by sending a SMS that contains link to a website. Once they click on the website, the phone owner is prompted to either download a program that allows their phone to be controlled by a hacker or submit personal information like bank login and password.

But how do people get tricked? Smishing uses elements of social engineering to get people share personal information. The messages often leverage your trust or fear in order to obtain information. For example, the message will say that if you don’t click a link and enter your details then you’ll be charged. Or they often aim to trick you into thinking that you’re texting your bank.

A recent example of a smishing attach is the Argos text scam. The attack targets customers that own an ‘Argos card’ (Argos is a British retailer) by sending them a text message, informing them that they’re owed a £180 refund and inviting them to click on a link where they can leave their bank details. In another version of the scam customers are told they have a package waiting for them, followed by a URL which directs them to a website offering free iPhones in exchange for bank details.

How can you protect yourself?

Here are a few things you can do to protect yourself from SMS phishing:

  • Never give away your personal details if a text from unknown number requests them
  • Avoid clicking any links from unknown senders
  • Don’t text back. Responding to the text message can allow malware to be installed that will silently collect personal information from your phone.
  • Be extra alert to the fact that any text that claims to be from your bank might not be genuine
  • Block the number to prevent further messages

If you have any questions about SMS phishing, let us know in the comments below or by tweeting to us @JustAskGemalto.