SMiShing: A New Mobile Computing Scam

Chances are, you’ve heard of phishing before--emails that promise some benefit or prize if you only click on the included link, that actually only results in trouble for you and your data. Unfortunately, as technology has embraced mobility, so have phishing attempts. This is why you must also be aware of SMiShing scams.

What Is SMiShing?
SMiShing is a mobile variant of phishing that involves the use of a text message, rather than an email, to catch the target in the phisher’s net. These attacks are highly reliant on the target’s compliance with the instructions the cybercriminal provides, as well.

These attacks can be more effective than the typical phishing attack, as the general public is increasingly aware of cyber threats--yet don’t expect these threats to manifest in their cell phone.

Just as one would experience in the ‘typical’ phishing attack, a ‘smisher’ will likely try to gain your trust in order to extract credentials. This ultimately allows them access to the accounts they obtained the credentials for, permitting them to wreak havoc and/or steal what they please. This is especially dangerous if they gain access to any client financial information you may have on file. Alternatively, some smishers will claim that if you don’t access a link and enter your personal information, that you will be charged daily for some service. Naturally, if this service is one that your organization has not signed up for, this message should be reported to IT and then disregarded.

How To Spot SMiShing Scams
First, if you suspect that a message is fraudulent, it never hurts to reach out to confirm that the message was sent by who it seems to have been. To do so, reach out via a different channel than your text, such as calling an official service number to speak directly to a representative. This allows you to confirm that the message was legitimate or fraudulent without exposing yourself or the business to greater risk.

In essence, avoid responding to text messages from senders that you don’t know--especially when the number is a 5000 number. This indicates that the message was actually an email sent as a text message, which is often a tactic used by scammers.

Finally, keep an eye out for any messages that contain downloadable apps. These are a favorite method to introduce malware to a mobile device. If an app doesn’t come from an official app store, it is likely a piece of disguised malware.

How To Be The Most Safe
If in doubt, confirm before you answer. Additionally, a VPN (or virtual private network) can help you maintain your mobile security, especially when paired with the practices outlined above.

BNMC can help you to put these safeguards, and others, in place for your business devices. Give us a call at (978) 482-2020 to get started.