Smishing – phishing via text message on your smartphone

Safe devices

More and more frequently, users are being sent messages via SMS, WhatsApp or other text message services prompting them to click on a link. This is what we call “smishing” – a term coined from the words SMS (short messages) and phishing (theft of access details via fake messages). While most people are familiar with phishing attacks via email, they are unaware that the same danger is lurking on their smartphone.

iBarry growls at a smartphone on which he is lured by a message in the shape of a bone

The aim of smishing attacks is to steal personal data and use this information for fraudulent purposes at a later point in time. Similar to phishing, this type of data theft often involves the use of fake messages. The only difference: this cyberattack is not carried out via email, but instead via SMS or messenger services such as WhatsApp. The nasty thing about it: smishing attacks are extremely clever, meaning that anyone can get caught out.

Many users these days are aware of phishing and treat their email inbox with a healthy degree of suspicion. Spam filters from email providers are also a useful tool for preventing phishing attempts. However, many smartphones generally lack this automated protective mechanism. Recipients often tend to view senders of SMS or text messages as trustworthy and don’t think twice about opening these messages.

On top of that, everything is that little bit smaller and faster on your mobile – you’re on the move, are easily distracted and are much more likely to react to a message. And as a result, you fall right into the hands of the smisher aiming to provoke exactly that kind of response, e.g.:

How smisher proceed

The methods are generally similar to phishing via email: fear is frequently used as a means of applying pressure. The messages often warn you that certain login details are blocked or that the account in question has already been hacked. In many cases, however, they contain requests to reset passwords, information on authenticating accounts, prompts to update user data or even information about parcel deliveries.

One of the most common methods of smishing involves using brand names or names of reputable companies with links that supposedly take you to the website of the company. Typically, an attacker will tell the user that they have won some money or include a malicious link purportedly enabling them to track packages.

Users are therefore provoked into taking swift action to prevent any unpleasant consequences. Unfortunately, the text messages also seem very authentic.

«Users are provoked into taking swift action. »

Protect yourself!

Additional information