What is Smishing?
Smishing, a contraction of "SMS" and "phishing," is a new online scam. It consists of sending SMS messages convincing enough to get the target to take an action: click on a link, download a (malicious) program or send private information.
With 3.5 billion smartphones all over the world, all of which can receive SMS, there are many targets for scammers.
When the message content is credible, such as a postal delivery notice, a contest or a pending refund, victims tend to carry out the requested action readily.
How Smishing works
Most Smishing attacks work like email phishing.
The information that scammers want to collect can be diverse:
- Online Account Identification Codes
- Personal identity information
- Credit card number
Sometimes the goal is to trick the target into going to a fraudulent site. To do this, the content of the Smishing message will probably refer to a known brand:
- Verifying payment information
- Payment of postal costs
- Gift or discount following an order
- Validation of an order (never made)
A Smishing message can also offer an attachment to download, which is used to spread malware or spyware.
Regardless of the process used, the goal is, as with phishing, to obtain personal data for identity theft or financial data for various scams, to sign victims up for unwanted subscriptions, or to obtain the access codes to your various applications or online accounts.
Social engineering, the working principle of Smishing
Social engineering refers to the fraud techniques used by cybercriminals. The goal is to steal victims' personal data by gaining their trust.
This psychological manipulation pushes the target to do what is requested without realizing the danger.
Scammers exploit the good faith, availability and insecurity of the people they target to gain their trust and extract personal information from them.
Examples of social engineering attacks
Fraudsters use techniques that vary enormously. They can be very creative, and new attempts at deception appear every day. The following examples of attacks can help you identify potential threats more clearly:
- Baiting: Government agencies in several U.S. states fell victim to the baiting technique in 2018. They received envelopes, postmarked from China, containing a letter and a CD-ROM. The CD contained malicious code hidden among innocent-looking documents.
- Pretexting: A 2019 Verizon report found that criminals often pose as co-workers to deceive their victims, for example by posing as a company's HR or finance department.
- Phishing: In 2020, a phishing attack sent emails appearing to be from the World Health Organization (WHO). The message contained false information about the actions to be taken to prevent the spread of the coronavirus. After trying to download the document as an attachment, the victims were redirected to a fraudulent website.
Signs to spot Smishing
First, the SMS will arrive from a number you do not know.
If the content of this SMS asks you to send money, click on a link, download an attachment or transmit personal information, then beware.
If a text message makes you feel fear, guilt, or urgency, remember that cybercriminals use social engineering. And of course, always treat offers that are too good to be true with great skepticism: if you won the lotto but never played, the scam seems obvious.
And never forget: no brand will ever ask you for your password. Your personal identity information should be given out only with the utmost care.
Talk about it with those around you, ask your loved ones for their opinion, and wait until you are sure of the origin of the SMS before answering.
At the slightest doubt, delete the SMS.
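The signs listed above can be turned into a simple triage check for incoming messages. The following is an added example, not part of the original article; the keyword lists, function names and sample messages are illustrative assumptions and are not an exhaustive ruleset.

```python
import re

# One pattern per sign from "Signs to spot Smishing".
# The keyword lists are illustrative assumptions, not a complete ruleset.
SIGNS = {
    "link": re.compile(r"https?://|www\.", re.I),
    "asks_money": re.compile(r"\b(pay|payment|fee|transfer|send money)\b", re.I),
    "asks_personal_data": re.compile(r"\b(password|pin|card number|login|identity)\b", re.I),
    "asks_download": re.compile(r"\b(download|install|attachment)\b", re.I),
    "urgency_or_fear": re.compile(
        r"\b(urgent|immediately|suspended|blocked|last chance|within 24 ?h)\b", re.I),
    "too_good_to_be_true": re.compile(
        r"\b(you (have )?won|winner|free gift|prize|lottery)\b", re.I),
}

def smishing_signs(sender, text, known_senders):
    """Return the sorted list of warning signs present in one SMS."""
    found = [name for name, rx in SIGNS.items() if rx.search(text)]
    if sender not in known_senders:
        found.append("unknown_sender")
    return sorted(found)

def verdict(signs):
    """An unknown sender combined with any request or pressure cue is suspicious."""
    if "unknown_sender" in signs and len(signs) >= 2:
        return "suspicious"
    return "review" if signs else "ok"

# Constructed sample messages (not real traffic).
KNOWN = {"Mum"}
SAMPLES = [
    ("+15550100", "Your parcel is on hold. Pay the 1.99 postal fee immediately: "
                  "http://example.test/track"),
    ("Mum", "Dinner at 7 tonight?"),
    ("+15550123", "Congratulations, you won the lotto! Reply with your card "
                  "number to claim."),
]

def triage(samples=SAMPLES, known=KNOWN):
    """Return (sender, verdict, signs) for each sample message."""
    return [(s, verdict(smishing_signs(s, t, known)), smishing_signs(s, t, known))
            for s, t in samples]

if __name__ == "__main__":
    for row in triage():
        print(row)
```

Keyword matching like this only flags messages for a closer look; a message with none of these signs can still be fraudulent.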