The smartphone has become the constant companion of our modern society. That’s why it’s important not only to beware of fraud and hacking on the computer but also to include mobile devices such as cell phones. Unfortunately, smishing – phishing via SMS – is a growing trend.
New trend: phishing via SMS
Patrycja Tulinska, Managing Director of PSW Group, explains what smishing is all about: “Smishing is a compound word consisting of SMS and phishing. When cybercriminals phish, they send fraudulent e-mails and entice the receiving victims to click on links or open attachments. Using manipulated websites, cybercriminals manage to steal login data, message content, or other information, for example. Smishing simply uses text messages instead of emails.”
Essentially, the motives or goals of cybercriminals can be broken down into three: they want to grab access data, such as banking information, spread malware that can grab credit card numbers or other information, or compromise (app) credentials. Or third, they want to enrich themselves by pocketing sums of money. To achieve their goal, the attackers use various methods with which they repeatedly succeed in tricking their victims.
Phishing via SMS Methods
As with email phishing, for example, criminals can send text messages with a download link to malicious software. The recipient is asked to click on it. If he or she complies with the request, the software is downloaded in the background and the attacker gains access to the smartphone in this way.
Another perfidious method is redirecting the victim to a form embedded in a fake but deceptive-looking website. “The personal data entered into this form is then delivered free to the scammers. This trick is particularly popular for obtaining access data for online banking or other account and credit card information. Typically, the cybercriminals report security problems that would require the immediate transfer of personal data in order to continue using all the functions of a service,” warns Tulinska.
One sophisticated attack is spear smishing. Here, cybercriminals evaluate Internet profiles of the victim in advance, for example from social networks. In this way, they obtain a picture of the person and tailor the smishing precisely to that. Since the attackers already know the victim’s personal information, a deceptive feeling of trust and credibility is created and data is often willingly entrusted.
“Also very popular is the method in which cybercriminals pose as customer service employees. The victim of this scam receives an SMS with information that it is necessary to contact customer support via the number provided. If the scammer talks to the victim, he tries to elicit information. Due to the scam of pretending to be a support employee, there is increased credibility – and details are blurted out trustingly”, warns Patrycja Tulinska.
Protect Devices From Smishing
The expert has a few tips on how users can protect themselves efficiently against smishing: As a rule of thumb, every user should take to heart: Neither credit card nor banking information has any place on a smartphone. Because where there is no information, nothing can be stolen. “In addition, the benefit of antivirus software cannot be stressed often enough, even on the smartphone.
True, there is no guarantee that an AV program will also detect malicious software. But with this additional level of security, the likelihood of smartphone infections decreases,” says Patrycja Tulinska.
Receiving urgent security alerts via SMS, coupons, offers, or deals that should be redeemed immediately, must make you prick up your ears and should definitely be taken as a warning signal of an attack. “Neither banks nor merchants or other agencies and institutions send text messages to request account information or ask their customers to confirm by PIN.
Anyone who receives such a text message supposedly from a merchant or their bank can call them to verify that the message really came from there,” Tulinska advises. Under no circumstances should you click on links or telephone numbers in messages, because cybercriminals also like to pose as acquaintances. Anyone who is unsure should call the sender, even if it is the supposed buddy, and ask.
