A form of social engineering, it’s a type of fraudulent activity whereby scammers lure victims into sharing personal information or downloading mobile malware via text, by claiming to be from a trusted person or organisation.
Email phishing, although still a very real threat, has become less common in recent years, as email service providers have enhanced their technologies to better detect and block phishing emails, and new security features such as Microsoft Password Monitor continue to be rolled out to safeguard users and enhance online security.
As a result, however, scammers have turned their attention to alternative streams, primarily text messaging, where there is currently less awareness when it comes to spotting and stopping phishing attacks.
Whilst there are some preventative technologies in the marketplace, such as Microsoft’s Advanced Threat Protection (ATP) for Android, which protects against phishing attacks and blocks attempted access to unsafe websites, SMSishing as a concept is still relatively new.
Thanks to increasingly sophisticated tactics and often easy means of profitability, SMSishing is now considered the most common type of cybercrime, with incidents on the rise.
SMSishing fraudsters will often use Caller ID spoofing to display the name or number of legitimate people and organisations.
Usually, they’ll then use scare tactics or create a sense of urgency to mislead and manipulate their victims, for example “Your AppleID is due to expire today. Please click here to update your details and prevent loss of services or data” or “We have identified some unusual activity on your online banking. Please log in via [link] to secure your account” which entices the victim, encouraging them to engage with the message by clicking a link and/or submitting personal information.
Then hey presto! The fraudsters can have everything they need in a matter of minutes.
There’s also been a big rise in text scams, particularly from those claiming to be couriers such as Hermes, Royal Mail and DPD, stating the victim has missed a delivery and needs to rebook. The scammers then usually ask for personal information and card details to schedule a *fake* redelivery.
Like with other types of phishing, there are a few things to always bear in might, which will help prevent the likelihood of a SMSishing attack:
Managing your digital security can be time-consuming and bewildering. At Infuse, we understand the impact this can have on both businesses and individuals, and we’re here to provide you with a complete solution. To speak with one of our experts, please get in touch today.