Smishing: The “Smashing” Phishing Tactic to Have on Your Security Radar

May 17th, 2021

We all know what phishing is, right? Or do we? The scope and scale of phishing attacks is increasing every day. It’s not easy to stay on top of the latest phishing tactics used by creative cybercriminals. Unfortunately, we don’t have the luxury of ignoring phishing – we are being targeted by such attacks constantly.

When it comes to phishing attacks, awareness is the better part of valor. So, let’s talk about a type of phishing attack called smishing. (We’ve got to give to the folks who coin these terms!). If you have a smartphone, and it would be fair to say all of us do, chances are that you have already been targeted by a smishing attack.

First thing’s first: let’s define the term. Smishing is a phishing attack that uses text messages to send malicious links your way. As is the case with email phishing, these messages are extremely deceptive and trick users to unintentionally share sensitive or valuable information.

Back before the pandemic when more of us were still working in the office, smishing attacks were already common. These attacks are now increasing even more, especially with so many of us working from our homes. We all need to be wary of these attacks.

Vulnerability to smishing has increased

You must be thinking that you’ve been hearing about phishing attacks for a long time – why is this something to worry about?  You’re not wrong – phishing attacks have been testing you for a very long time. But working out of your home, many workers use their personal PCs and phones to access corporate resources. Your home IT environment is less secure than your office IT environment, and that increases your vulnerability.

Plus, it’s easier to open and respond to a text message than an email. This convenience is exploited by cybercriminals. Attackers also now have plenty of messaging options to send to potential victims. The fact that you are working from home means you are always on the lookout for messages from your bosses and colleagues. Be honest – how many times have taken a very close look at the message you receive from people you know before you reply?

Smishermen’s tactics

Text messages are at the forefront of any and every smishing attack. Cybercriminals know people are getting wary of email-borne phishing attacks and are therefore on guard.

Enter smishing, a portmanteau word made up of ‘SMS’ and ‘phishing’. The fact that smartphones are omnipresent these days makes it easier for criminals to launch smishing attacks upon a very large audience in one go, making it a popular attack vector.

Hackers typically take advantage of the fact that we receiving regular messages from certain institutions likes banks, mobile operators, and more. You probably receive genuine messages/updates from your bank on your phone. A scamster will proceed to create a text message with the name of the bank. The message asks you to urgently share your online banking information otherwise you will be locked out of your account. You read the name of your bank and quickly share this information with the scamster.

That’s it – you’ve been duped.

Here’s another example. Imagine you’re working on a project and running up against a tight deadline. You are constantly exchanging messages with your colleagues, and in the midst of this you receive a message purportedly from your colleague asking you to click on a link (e.g., a project mockup link). You do that, and suddenly, you’ve become the victim of a smishing attack.

Better awareness and reliable and robust security that safeguards your personal device from just such threats work to keep you safe from this kind of attack.

Effective smishing protection

The idea behind all phishing scams is to convince you take immediate action without thinking. So, protecting yourself from such attacks is easy if you just take it easy. If a message seems extremely urgent, the person or organization is unlikely to reach out to you with just a text message, for example. Alternately, you can give them a call to confirm the message was indeed sent by them.

  • Treat all ‘you must act immediately’ messages suspiciously.
  • Remember, your banks or any other financial institution will not ask for sensitive information or to click on a link to share account credentials. If you receive such messages, it is fake.
  • Adopt a ‘no-click’ policy.  Don’t click on any link in a message.
  • Also make sure you deploy comprehensive mobile security to protect your phone from hacking attempts and ensuring it stays safe from smishing attacks.

A comprehensive security cover

Smishing is not the only threat out there. There are plenty of both known and unknown threats that are coming at you from all directions and through the variety of devices you are using – PCs, Macs, and smartphones. While security awareness is paramount, there is always a chance that you will let your guard down one day and click on an email or a text message you shouldn’t. Cybercriminals have to get it right just once, while you have to be on guard all the time.

This is where an antivirus solution comes in to help you out. Sophos Home adopts a layered approach to security and offers a collection of security capabilities such as malware scanning, mobile management, AI Threat Detection, ransomware security, and more to deliver comprehensive protection against advanced threats.

Measured steps and good smartphone hygiene will protect you from smishing attacks every single time.

What are you waiting for? Let's get started!

Free Download
No credit card required