Smishing: What It Is and How to Defend Against It

Date: 2023-06-01

Smishing, also known as SMS phishing, is a form of the social engineering technique called phishing. Threat actors use it to send compelling text messages to unaware recipients, leading them to click a malicious link. Once the link is clicked, the attacker can access sensitive personal information or even download harmful malware onto the victim’s smartphone.

How Does Smishing Work?

Like phishing emails, smishing attacks lure users with irresistible messages that either compel them to click on links or demand personal information from them. Threat actors trick users into sharing their private data in various ways, for example by using information such as the recipient’s name and address in the message. The attached link may lead to a phishing site or to malware that can be used to access the user’s private data.

What are the different types of smishing attacks?

Victims receive different kinds of smishing messages. Let us look at the top four variants:

Financial services phishing: Posing as a bank or credit card company, threat actors send messages about, for example, a fraudulent purchase or a missed verification process.

Online shopping scams: eCommerce shoppers commonly receive notifications about order confirmation, shipping, and delivery, and threat actors imitate these notifications.

Prize scams: This is a common scam where threat actors send messages conveying that the target has won a prize.

What is the state of smishing attacks?

There has been a recent uptick in smishing attacks distributing FluBot malware, an Android banking trojan, through malicious links posing as Adobe Flash Player. Once it has control of the device, FluBot steals all online banking credentials, can send or intercept one-time passwords sent through SMS messages, and can capture screenshots. Similar smishing attacks, which delivered reward-themed malware, were reported by Indian banks such as Axis Bank, ICICI Bank, and State Bank of India (SBI).

How to Defend Against Smishing

Raising awareness about smishing and the signs to look out for is crucial to mitigating the effects of such attacks. It is also recommended that individuals and organizations use Virtual Private Networks (VPNs) to obfuscate IP addresses while searching for or downloading files, effectively reducing the chances of social engineering attacks. Here are some tips to defend against smishing:

Stay vigilant about unexpected messages and bring suspicious financial services-related texts to the bank’s attention.

Don’t rush when a message conveys urgency. Read it carefully and evaluate the consequences and next steps.

Avoid clicking links received from any suspicious source or received unexpectedly.

Use a VPN to protect your enterprise.

Opt for passwordless authentication, as hackers cannot hack these mediums.

Report any smishing scam to the relevant authorities.

If anything seems suspicious, it’s always a good idea to immediately call the designated authorities on their official contact details, whether they are your employees, banks, or online retailers, and verify the message received.
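The warning signs described in this article (an unexpected link, urgent wording, a request for personal data, a fake app update) can be checked mechanically before a message reaches a user. The following triage heuristic is an added example, not code from the original article; its keyword lists, the `triage` function and the sample messages are assumptions constructed for illustration.

```python
import re

# Assumed keyword lists, built from the lure types this article describes.
LURES = {
    "financial": r"\b(bank|card|account|purchase|transaction|verif\w+)\b",
    "shopping": r"\b(order|shipping|shipment|delivery|parcel|package)\b",
    "prize": r"\b(won|winner|prize|reward|gift|lottery)\b",
}
URGENCY = r"\b(urgent\w*|immediately|now|today|expire\w*|suspend\w*|blocked|final)\b"
DATA_REQUEST = r"\b(password|pin|otp|cvv|one[- ]time (?:password|code)|card number)\b"
FAKE_APP = r"\b(flash player|install|update|apk)\b"
URL = r"(?:https?://|www\.)\S+|\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}/\S*"

def triage(message: str) -> dict:
    """Return the smishing signs found in one SMS body and a verdict."""
    text = message.lower()
    links = re.findall(URL, text)
    themes = sorted(name for name, rx in LURES.items() if re.search(rx, text))
    signs = []
    if links:
        signs.append("link")
    if re.search(URGENCY, text):
        signs.append("urgency")
    if re.search(DATA_REQUEST, text):
        signs.append("data_request")
    if links and re.search(FAKE_APP, text):
        signs.append("app_install")
    # A lure theme plus a link or data request: hold for out-of-band verification.
    risky = bool(themes) and ("link" in signs or "data_request" in signs)
    if risky or "app_install" in signs:
        verdict = "suspicious"
    elif signs or themes:
        verdict = "review"
    else:
        verdict = "ok"
    return {"verdict": verdict, "themes": themes, "signs": signs, "links": links}

# Constructed sample messages; example.test is a reserved, non-routable name.
SAMPLES = [
    "Your bank account is suspended. Verify now: http://example.test/verify",
    "You have won a prize! Reply with your card number and PIN to claim.",
    "Your video needs Flash Player. Install the update: example.test/fp.apk",
    "Running late, see you at 7.",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage(sms)["verdict"], "|", sms)
```

A "review" verdict covers genuine notifications as well, so it is a prompt to verify through the sender's official contact, not proof of fraud.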

Conclusion

As people are getting more comfortable around digital conveniences, crimes are also getting more sophisticated, making them more challenging to detect than ever. Enterprises, government organizations, and individuals must employ the necessary cyber-security protocols, stay vigilant, and take the matter to the designated authorities if they witness suspicious activities.

