Smishing, or SMS phishing, is text message fraud that tries to lure victims into revealing account information or installing malware. As with phishing, cybercriminals use smishing in a fraudulent attempt to steal credit card details or other sensitive information by posing as a trustworthy organization or reputable person in a text message.
With smishing, cybercriminals use a text message to try to get potential victims to give out personal information. The text message, which typically contains a link to a fake website that looks identical to the legitimate site, asks the recipient to enter personal information. Fake information is often used to make the texts appear to be from a legitimate organization or business.
Smishing has grown in popularity with cybercriminals now that smartphones are widely used, as it enables them to steal sensitive financial and personal information without having to break through the security defenses of a computer or network. Public awareness about phishing, smishing and other attacks continues to grow, as many incidents are reported on in the news.
How Smishing Works
Smishing uses social-engineering techniques to lure text message recipients into revealing personal or financial information. For example, during the holidays, you get a text message pretending to be from a well-known retailer telling you to verify your billing information or your package won’t be shipped in time to reach your gift recipient. The problem is that the fake text message gives you a link to a fake website, where the information you provide will be used to commit identity theft, fraud and other crimes. Smishing is also used to distribute malware and spyware through links or attachments that can steal information and perform other malicious tasks. Messages typically contain some kind of urgency, threat or warning to try to get the recipient to take immediate action.
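The traits described above (a claimed brand, a link that does not belong to that brand, and urgent wording) can be checked mechanically when triaging reported texts. The following is an added example, not part of the original page; the brand name, its domain allowlist, the urgency cue list and the sample messages are all constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist (assumption): brand keyword -> domains the brand really uses.
BRAND_DOMAINS = {"examplemart": {"examplemart.example"}}

# Constructed cue list (assumption): wording that pressures the reader to act now.
URGENCY = re.compile(
    r"\b(immediately|urgent|final notice|verify|today|"
    r"suspended|won'?t be shipped|within \d+ hours?)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def host_matches(host, domains):
    """True only if host is an allowed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(text):
    """Return the list of reasons a reported SMS looks like smishing."""
    reasons = []
    hosts = [urlparse(u).hostname or "" for u in URL.findall(text)]
    lowered = text.lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in lowered:
            continue
        # The message claims the brand, so every link must resolve to its domains.
        # Matching on the END of the hostname catches lookalikes that merely
        # start with the brand's domain (brand.example.attacker.test).
        for host in hosts:
            if not host_matches(host, domains):
                reasons.append(f"brand-link-mismatch:{host}")
    if hosts and URGENCY.search(text):
        reasons.append("urgency-with-link")
    return reasons

# Constructed sample messages, not real traffic.
SAMPLES = [
    "ExampleMart: verify your billing info today or your package won't be "
    "shipped: http://examplemart.example.verify-billing.test/pay",
    "ExampleMart: your order has shipped. Track it at "
    "https://www.examplemart.example/orders",
    "Lunch at noon today?",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(triage(msg) or "no findings", "<-", msg[:40])
```

A keyword and allowlist check like this only sorts reports for review; messages that use a URL shortener or name no brand still need a human look.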
Other Common Cybercrimes
Education and awareness about potential attacks help improve cyber security. Here’s more information about some common types of cybercrimes.
Spear phishing attacks target individuals or small groups with access to sensitive information or the ability to transfer funds. Spear-phishing emails appear to come from someone the target knows, such as a co-worker or another business associate.
Whaling is a spear-phishing attack that specifically targets senior executives at a business.
With vishing, or voice phishing, cybercriminals pretend to be a legitimate business or organization and leave a telephone message to try to get potential victims to call back with their personal information.
Every business must educate employees about the dangers of smishing as part of its cyber security plan. With user security awareness training, employees are better able to recognize, avoid, and report potential threats that can compromise critical data and network systems. As part of the training, mock phishing, smishing and other attack simulations are typically used to test and reinforce good behavior.
How Barracuda Can Help
Barracuda Security Awareness Training helps your business fight phishing and other social-engineering attacks by providing users with continuous simulation and training to understand the latest attack techniques, recognize subtle clues and help stop email fraud, data loss and brand damage.