SMiShing Is Nothing to ‘LOL’ About :(

Text messaging is innate for most mobile phone users. In fact, more than 80% of the US population owns a mobile phone and 70% of these individuals regularly send or receive texts (1). Short Message Service (SMS) texting offers a casual, relaxed communication platform where by emoticons and abbreviations are the norm. There is nothing complex or ornate about text messages, thus adding to their appeal. However, as we acquire a more lax mindset with this technology we become susceptible to cyber threats.

More than 6 billion SMS text messages were sent per day in the United States in 2011 (1), skyrocketing mobile phones to one of the largest targets for exploitation in intricate phishing attacks commonly referred to as SMiSing. SMiShing texts attempt to entice users into providing personally identifiable information or credit card details by offering glorious prize winnings such as high dollar gift cards and sought after devices like iPads. SMiShers will also try to coerce users through hoax account notices involving banks and large corporations.

Awareness is your best line of defense against SMiShing attacks! Follow these best practices to reduce your vulnerability to SMiShing:

  • Never provide sensitive information via text. Regardless of whether or not you know the recipient text messaging is not a secure method for data transmission. 
  • Do not respond to unsolicited messages or spam. Always be suspicious of all unknown senders and unsolicited messages.
    • Replying to spam messages confirms you have an active phone number and increases your odds for more spam and SMiShing attacks (4).
  • Do not click on links within a message.

    • Clicking on links within messages can install malware which allows attackers to gather information directly from your phone.
  • Enroll your phone on the National Do Not Call Registry.

    • The Do Not Call Registry is managed by the Federal Trade Commission; this service restricts the amount of telemarketing phone calls you receive (2).
  • Report SMiShing.

    • SMiShing and text spam complaints can be filed with the Federal Trade Commission (2).

 

References:

1. Forrester Blogs. (2012). SMS Usage Remains Strong in the US: 6 Billion SMS Messages are Sent Each Day. Retrieved from, http://blogs.forrester.com/michael_ogrady/12-06-19-sms_usage_remains_strong_in_the_us_6_billion_sms_messages_are_sent_each_day.

2. Federal Trade Commission. (2013). Text Message Spam. Retrieved from, http://www.consumer.ftc.gov/articles/0350-text-message-spam.

3. Federal Bureau of Investigation. (2010). SMiShing and Vishing. Retrieved from, http://www.fbi.gov/news/stories/2010/november/cyber_112410/cyber_112410.

4. NBC News. (2013). SMiShing Text Messages Seek Your Credit Card Info. Retrieved from, http://www.nbcnews.com/technology/technolog/smishing-text-messages-seek-your-credit-card-info-947348.

Last updated: March 01, 2016