Smishing: what is SMS phishing and why is it still so popular?
The term "smishing" is a combination of the words "SMS" and "phishing". As you can imagine, smishing is a scam where criminals send malicious text messages (SMS).
As outdated as SMS may seem, it remains fertile ground for cybercriminals and so-called smishing scams are booming. According to Avast's 2023 Cyber Threat Report, there has been a rise in the number of phishing scams in recent years by close to 10%. Smishing, a type of phishing applied via SMS, was the main driver of this increase.
Read on for a better understanding of how this scam works and how to protect yourself!
Rise in cyberattacks via SMS
According to the Avast Cyber Threat Report, in the first quarter of 2023, phishing and smishing attacks rose by 40% compared to 2022.
According to Avast, SMS has become increasingly popular among cybercriminals due to the high open rate and the sense of trust people place in text messages from seemingly reliable sources, like banks, businesses, or government institutions.
How smishing is applied
Smishing may occur in any one of several different ways. Some of the most common scenarios are:
-
notification of suspicious bank account activity;
-
information on parcel delivery;
-
attractive promotions in well-known stores;
-
notifications about overdue or upcoming bills;
-
notification of purchase made on your credit or debit card.
Cybercriminals usually pose as authorities (such as banks or stores) and then present information that either concerns or elates the victim, like suspicious account activity, exclusive discounts, and so on...
They then pressure you to take some form of action, very often providing a link to access the discounts or resolve the problem.
The thing is, that link redirects Internet users to a fake page. Unfortunately, believing the page is safe and dependable, victims often share personal information or even make purchases and payments.
In the worst case, cybercriminals can even install a virus on the victim's device, gaining access to all the information on their phone.
The most common risks of smishing
Smishing scams pose significant security risks to everyone, and anyone may fall victim to identity theft and financial loss. Even their privacy is in jeopardy.
Businesses face similar risks. After all, nowadays, it’s normal that many employees have work-related access on their personal smartphones. If a criminal gains access to a victim's phone through a smishing scam, the company’s confidential data may be compromised, along with the risk of financial fraud and reputational damage.
Best practices to protect yourself from smishing scams
Fortunately, there are steps we can all take to protect ourselves from smishing and minimize the associated risks. Here are a few best practices you can follow to keep yourself safe from smishing scams:
Be wary of unsolicited text messages
If you receive an unexpected text message, especially one requesting personal or financial information, be cautious. Legitimate businesses don’t usually request sensitive information via text message.
Don't click on suspicious links
Avoid clicking on links included in text messages unless you are absolutely sure they are legitimate. Check the sender carefully and search the company's official website for up-to-date information.
Education and awareness
Learn about cyber scam trends and keep up to speed with the latest updates from the world of cybersecurity. When it comes to companies, providing regular cybersecurity training to employees is crucial. Teach them to recognize signs of smishing and to report any suspicious activity.
Conclusion
While smishing is a real and persistent threat, we can protect ourselves against it by adopting suitable security practices. Continued awareness and collaboration among companies and their employees are key to mitigating this threat and ensuring the safety of our personal and professional information.