Have you ever received a suspicious text message? If so, you could’ve been a victim of “smishing”.
What is “Smishing”?
Smishing targets individuals through SMS (Short Message Service). The term is a combination of “SMS” and “phishing”. In a smishing attack, cybercriminals send deceptive text messages to mislead victims into sharing personal or financial information, clicking on malicious links, or downloading harmful software. These messages often appear to come from trusted sources and use urgency, curiosity, or fear to manipulate the recipient. Smishing can lead to data theft, financial fraud, malware installation, and other malicious outcomes.
There are 3 types of smishing attacks:
- Credential phishing – Trying to steal login credentials
- Malware distribution – Luring victims to download malicious apps/software
- Financial fraud – Tricking victims into sharing banking/payment info
How is this different from phishing and vishing?
Smishing
- Delivery method: SMS/text messages
- Example: A text message asking the recipient to click a link to verify a suspicious bank transaction.
Phishing
- Delivery method: Primarily through email but it can also include websites and social media.
- Example: An email asking the user to reset their password due to a security breach, leading to a fake login page.
Vishing (Voice phishing)
- Delivery method: Phone calls
- Example: A fraudulent call from someone falsely claiming to be from the IRS, demanding immediate payment of back taxes and threatening legal consequences.
How to Identify and Prevent Smishing as an Individual:
- Be cautious of any unsolicited texts, especially those with hyperlinks or requests for sensitive info.
- Avoid engaging with texts from numbers you do not recognize.
- Verify the sender before taking any action (ask HR to confirm the sender’s number, or send a direct message on Slack, Teams, or LinkedIn to the individual to confirm the request).
- Do not send personal or financial information over text message.
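The warning signs in the list above can also be applied programmatically, for example in an organization's SMS filtering or reporting tool. The following is an added example, not code from the original article; the keyword lists, weights, thresholds, phone numbers and domains are all constructed assumptions.

```python
import re

URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)

# Constructed keyword lists (assumptions for this example, not from the article).
URGENCY = ("urgent", "immediately", "act now", "final notice", "locked", "suspended", "within 24")
SENSITIVE = ("password", "pin", "ssn", "social security", "card number", "account number")
TYPE_HINTS = {  # the article's three smishing types
    "credential phishing": ("password", "login", "log in", "sign in", "verify your account"),
    "malware distribution": ("download", "install", "apk", "update your app"),
    "financial fraud": ("bank", "card", "payment", "transaction", "refund"),
}

def _hits(terms, text):
    """Return the terms found in text as whole words (so 'pin' does not match 'shipping')."""
    return [t for t in terms if re.search(r"\b" + re.escape(t) + r"\b", text)]

def _digits(number):
    """Normalize a phone number to its digits so formatting differences do not matter."""
    return re.sub(r"\D", "", number)

def triage(sender, body, known_senders):
    """Score one SMS against the warning signs and suggest what the recipient should do."""
    text = body.lower()
    checks = [  # (indicator, weight, matched?) -- weights are assumptions
        ("unknown sender", 1, _digits(sender) not in {_digits(k) for k in known_senders}),
        ("contains link", 2, bool(URL_RE.search(body))),
        ("requests sensitive info", 2, bool(_hits(SENSITIVE, text))),
        ("urgency or fear", 1, bool(_hits(URGENCY, text))),
    ]
    indicators = [name for name, _, hit in checks if hit]
    score = sum(weight for _, weight, hit in checks if hit)
    types = [name for name, terms in TYPE_HINTS.items() if _hits(terms, text)]
    action = "report" if score >= 4 else "verify out-of-band" if score >= 2 else "no indicators"
    return {"score": score, "indicators": indicators, "types": types, "action": action}

# Constructed sample messages; numbers and domains are placeholders.
KNOWN = {"+1 555 0123"}
SAMPLES = [
    ("+1 555 0100", "URGENT: your bank account is locked. Verify your password "
                    "at http://example.test/login within 24 hours."),
    ("+15550123", "Running 10 minutes late, see you at the office."),
    ("+1 555 0199", "Your parcel is held. Download our tracking app: www.example.test/track.apk"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, triage(sender, body, KNOWN))
```

A keyword score like this only prioritizes messages for human review; a message with no indicators can still be malicious, so verification with the sender through a separate channel remains the deciding step.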
We highly recommend that organizations implement cybersecurity measures such as SMS filtering, multifactor authentication (MFA), and anti-phishing tools. Running simulated smishing tests can raise awareness across the team and help establish a reporting protocol.
MFA:
- 1Password
- Google Authenticator
User Education and Awareness Training
- KnowBe4
- Hook Security
Reach out to learn more about what you can do to protect your private information.