Don’t Get Taken in by SMS Phishing (Smishing)

Last week we told you both how to stop SMS spam, and how to report SMS spam. But now we want to talk about a particularly nasty form of SMS spam: smishing, which is the act of phishing by SMS for private information, often to be used for identity theft. These smishing attempts take the form of text messages which come to your phone saying things like “We’re confirming you’ve signed up for our dating service,” “Your account has been suspended,” or “(Random) bank is confirming your purchase.”

As more users become savvy to phishing tactics (in part, we hope, because of sites such as ours), the phishers have had to try to stay one step ahead of the game. One way they have done this is by sending phishing attempts as SMS text messages to cell phones. Because users are not expecting phishing by cell phone, they may be more likely to fall for the attempt, and respond or take some other action that compromises their security and the security of their personal information.

Many smishing attempts take the form of a text message showing up on your phone inviting you to register for a service, or telling you that you have won something, and then giving you a link to visit with your phone. Sometimes it’s a link to confirm or cancel an order that you supposedly placed – the smisher counts on your being concerned about being charged for an order you didn’t place, and that concern making you careless so that you rush to click through the link.

Of course, when you visit the link, you are asked to provide personal information, or a virus, worm or spyware may be loaded onto your phone, or both. In some cases, the smishing message offers you a link to download antivirus software for your phone which, in fact, turns out itself to be a virus for your phone.

The McAfee security site explains that “… mobile users have not yet learned to treat their phones with the same level of concern that they apply to their laptops.” Yet, warns McAfee, “Mobile devices present a serious challenge to data security, with the potential to infect both carrier and enterprise networks.”

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

Known smishing attacks to date have included text messages such as “We’re confirming you’ve signed up for our dating service. You will be charged $2/day unless you cancel your order on this URL:”, “(Random) bank is confirming that you have purchased a $1500 computer,” and “(Name of random bank): Your account has been suspended” (or “Your ATM card has been suspended”).

In each case there is either a URL to visit to “fix” the problem, or a phone number to call to rectify the situation. And, in each case, they are after your personal information.

According to one report, financial information illegally obtained this way was put into use with a cloned credit card on the other side of the globe within a half hour of the person unsuspectingly exposing their information!

So, if you get an unexpected text message on your phone, do not respond to it and do not take whatever action it’s trying to get you to take.

Instead, read our article on how to defend against and report SMS spam.

One thought on “Don’t Get Taken in by SMS Phishing (Smishing)”

  1. I recently had someone I met on *****s list request my cell phone # via a private SMS link. It reads:

    You are about to give your cell phone number to ******* (her name). Please continue to confirm your number and send it to her(him). Thank you.
    Step 1: Enter your cell phone number. We will send a 4 or 5 digit confirmation code to your cell phone.
    Step 2: Enter your confirmation code here to confirm that you own that cell phone number.
    Once you confirm that the number is yours, we will send a message to ******** to notify her(him) about your number. She(he) may contact you with your cell phone number.

    Once you confirm your cell and send that code, the scammer has access to your cell to clone it, charge international calls to, steal any data saved on the phone, or you are signing up for some pricey monthly service charge.

    Usually when they ask you to confirm that you own the cellphone by receiving and entering, you are actually giving them permission to charge you. That’s what they do with all those CPA offers.
