Smishing is a cyberattack that targets people through SMS or text messages. It is a combination of SMS and phishing.
Although cybercriminals are constantly evolving their fraud techniques, being aware of the most common practices will help you avoid falling into their net and becoming a target of their scam.
In order to provide you with helpful information, in this article we will highlight the key points: its definition, tips on how to protect yourself and examples so that you can detect this type of phishing before it is carried out.
What is smishing?
Smishing is a cybersecurity attack that uses mobile phone text messages to trick victims into revealing sensitive information. It can be aided by social engineering, malware or fraudulent websites.
The sensitive information sought by these hackers is used as a target for identity theft or to commit a financial crime to get your money.
The most common pieces of sensitive information that are taken are:
- First and last names.
- Addresses.
- User names or nicknames.
- Passwords.
- Credit card numbers.
- Credit card codes.
- Bank details.
9 examples of smishing
To show you the most common examples of smishing, we will use the sources that are used and show you the corresponding practical example.
Email account security
Scammers send an email warning you of a security breach in your email account and asking you to verify your information and change your password.
This type of scam is also known as a login scam and by sharing your login information, you are giving them access to change your password and block you from accessing your own account.
EXAMPLE MESSAGE: “Your account has been locked due to suspicious activity or unusual login attempts.
Tax scam
The cybercriminal poses as a tax authority to request data by arguing two types of situations.
In the first situation, they tell you that you owe money for one of the taxes you have filed and that not disbursing it will result in the payment of late fees or even the seizure of your bank accounts to satisfy the amount owed.
The goal is to get you to provide a bank account where the claimed amount can be debited or to make a wire transfer to cancel the debt.
In the second situation, the fraudster makes you believe that you have a tax settlement in your favor. Faced with the possibility of an influx of money that you did not expect, it is normal for you to lower your security defenses and provide them with a target bank account that they will use for their criminal purposes.
It is important to remember that tax authorities do not communicate with taxpayers through these channels, but through letters sent by regular or certified mail.
EXAMPLE MESSAGE: “A refund in your favor on your Income tax filing requires your authorization”.
Do you want to stay on top of the latest trends in eLearning, EdTech, and Human Resources?
Fill out the form to receive our weekly newsletter with industry insights from our experts.
Bank account verification
The hacker pretends to be from a financial institution and asks you to verify your bank account information because your it has been compromised.
At this point, it is very important to remember that no bank will ask you for sensitive information via SMS.
EXAMPLE MESSAGE: “Your financial institution needs to confirm your details”.
Missed package delivery notification
Package delivery notifications are a big part of the smishing scam.
They use fake deliveries to get you to click on a link to track or confirm a delivery. The link, of course, is the hook they use to redirect you to a phishing site where they will try to steal your personal information.
EXAMPLE MESSAGE: “Today we will deliver your package between 11:00-12:00. Click this link to confirm delivery or change the date. LINK.”
Credit card alert
In this case, the victim receives an SMS claiming unauthorized access to commercial transactions using their credit card and is asked to confirm confidential details via a link.
As with the account verification scam above, remember that no bank will ask you directly for details.
Invoice
Sending fake invoices is another form of smishing that cybercriminals often use.
They take advantage of sending an invoice from a trusted company claiming payment of an invoice that is actually fake. If you take the bait and pay, not only do they get your money but they also gain access to other information, such as your credit card or bank account number, to expand the scam to other resources.
EXAMPLE MESSAGE: “After checking our records, we have discovered that your XXXX Paypal invoice has not been paid. Please click on this LINK to proceed immediately to your payment and that we do not interrupt our service”.
Gift card
Another scam that hackers love is the one that uses gift card purchase messages to access the prize they contain. They ask victims to share the gift card code, thereby transferring funds directly to the scammer.
EXAMPLE MESSAGE: “Request your prize. Purchase a $100 gift card and send us the code to reclaim your prize. Quick identity verification is needed, click here: LINK”.
Requests to send money
If you receive a text message asking you to send money to help in a crisis, it is best to hesitate.
Scammers may pose as charity workers asking for donations or grants to non-existent charities or to charities that exist but are not them.
EXAMPLE MESSAGE: “The floods in Brazil have left thousands of people homeless. Our NGO is raising funds to help them. Click on this LINK and help them. Thank you.”
Free apps
In this case, the hacker wants you to install an app that looks legitimate but is actually malware or ransomware. Digital payment apps, file manager apps, or even antivirus apps are some of the hackers’ favorites.
EXAMPLE MESSAGE: “Download the latest version of our XXXX antivirus for free. Click on this LINK to start the download”.
How can you protect yourself from being smished?
Now that we have reviewed the main situations that can lead to smishing, we need to give you some tips on how to protect yourself from being smished.
- Do not reply to messages that you did not request, that come from dubious sources or that you have even the slightest suspicion of.
- Slow down and think before responding to a message that urges you to take urgent action. For example, be wary of limited-time offers.
- Contact your bank or institution directly to verify that they are the ones contacting you.
- Verify the phone number they are calling you from.
- Do not store credit card information or passwords on your mobile phone.
- Use two-factor authentication whenever possible.
- Never give out or share your recovery or transaction confirmation codes over the phone.
- Install anti-malware applications that scan your messages and give you extra protection.
At SMOWL, we care about security in the development and performance of the software we offer in all our proctoring plans.
If you want to check it out, just contact us and ask for a free demo where we will show you the benefits of our service and how it fits the needs of your project.
8 interesting facts about proctoring
Fill out the form and download the guide where we cover everything about online monitoring and help you choose the best software.
