What is Smishing?
Smishing, or SMS phishing, is the act of committing text message fraud to try to lure victims into revealing account information or installing malware. Similar to phishing, cybercriminals use smishing, the fraudulent attempt to steal credit card details or other sensitive information, by disguising as a trustworthy organization or reputable person in a text message.
With smishing, cybercriminals use a text message to try to get potential victims to give out personal information. The text message, which typically contains a link to a fake website that looks identical to the legitimate site, asks the recipient to enter personal information. Fake information is often used to make the texts appear to be from a legitimate organization or business.
Smishing has grown in popularity with cybercriminals now that smartphones are widely used, as it enables them to steal sensitive financial and personal information without having to break through the security defenses of a computer or network. Public awareness about phishing, smishing and other attacks continues to grow, as many incidents are reported on in the news.
How Smishing Works
Smishing uses social-engineering techniques to lure text message recipients into revealing personal or financial information. For example, during the holidays, you get a text message pretending to be from a well-known retailer telling you to go to verify your billing information or your package won’t be shipped in time to make it your gift recipient. The only problem is that the fake text message is providing you with a fake website link, where the information you provide will be used to commit identity theft, fraud and other crimes. Smishing is also used to distribute malware and spyware though links or attachments that can steal information and perform other malicious tasks. Messages typically contain some kind of urgency, threat or warning to try to get the recipient to take immediate action.
Other Common Cybercrimes
Education and awareness about potential attacks help improve cyber security. Here’s more information about some common types of cybercrimes.
Spear phishing attacks target individuals or small groups with access to sensitive information or the ability to transfer funds. Spear-phishing emails appear to come from someone the target knows, such as a co-worker or another business associate.
Whaling is a spear-phishing attack that specifically targets senior executives at a business.
With vishing, or voice phishing, cybercriminals pretend to be a legitimate business or organization and leave a telephone message to try to get potential victims to call back with their personal information.