Here's how to stay safe from smishing
Smishing, or SMS phishing, is now the most common scam being practised by fraudsters all over the world
- Published 25.11.18, 4:45 PM
- Updated 9.01.19, 6:35 PM
After phishing and vishing, a new word, smishing, is gaining currency in the digital world. Smishing, or SMS phishing, is now the most common scam being practised by fraudsters all over the world.
Does this message look familiar? “Dear (your name), we have detected some unusual activity in your bank account. We urgently ask you to follow the account review link http://bit.do/(name of bank).” Another version of the message says, “Dear (your name), your Apple ID is due to expire today. Please tap the link http://bit.do/eRob6 to update and prevent loss of services and data.”
These are the kind of messages that can fool anyone, especially since customers do not expect to receive spam on their mobile phones from banks. All the more so because bank accounts are linked to their mobile number.
Smishing is a portmanteau of SMS (or texting) and phishing. Vishing is voice phishing, that is, criminals calling you over the phone and asking for your private, personal and financial information, pretending to be legitimate officials calling from the bank or the income tax department. Smishing can be a message that appears to come from an institution you deal with or trust, asking for your account number or ATM PIN.
Smishing uses what is known as a social-engineering technique to lure people into revealing financial and personal information. Be aware that the billing information you reveal is being fed into a fake website and your information will be used to commit identity theft, fraud and other crimes. Smishing can also be used to spread malware, spyware and Trojans.
Social engineering uses psychological tricks to manipulate people. Criminals may pose as service providers or technicians. People automatically trust people who appear to be generous and caring. They will blindly obey authority such as law enforcement officials. Fraudsters also take advantage of your fears and that is a powerful motivator.
If you are not averse to trying it, help is at hand. LUCY is a tool that mimics realistic cyber attacks, including phishing and smishing simulations. A business, government agency or even you can learn tricks to fend off malware attacks. Technical as well as non-technical persons can try the platform. It is also used for IT security awareness training and technology assessments (malware simulations, simulated ransomware and other harmless Trojans). Download LUCY from LUCY Security. It is free for individuals and companies. You can use the tutorials on YouTube to see how easy it is to send a smishing message. Just search for “LUCY Security”.
Smishing is so easy that even a teenager can do it. And, not to forget, it costs almost nothing. This is one of the reasons why it has become the fraud tool of choice these days. Fraudulent emails have become passé because of growing awareness. The majority of phishing emails are stopped by spam filters anyway and, often, never reach their targets. For text messages, by contrast, there is no mechanism to weed out spam as yet. And they still work. People are very gullible when it comes to these smishing messages.
So how do you protect yourself? Basically, stay vigilant. Vet any SMS from your bank. Banks normally don’t send out text messages asking for sensitive data. Contact your bank using the normal customer care number. Be suspicious of strange-looking phone numbers. Check them at www.truecaller.com. If it is marked as spam, block the number. Scammers usually mask their identities by using email-to-text services so as not to reveal their actual phone numbers. Don’t click on any link in text messages on your phone from sources you do not trust, even if your best friend sends it. Don’t forward them either.