You’ve probably heard of phishing, the infamous practice by which a hacker may try to trick you into giving away sensitive information via email. However, there is much more to phishing than just a suspicious email here or there; as individuals and businesses become more savvy about threats like those that may come via email, cybercriminals expand their arsenal of tools to cost you precious time and money. One example of this is smishing.
What is smishing?
Smishing, short for SMS phishing, is just what it sounds like — a cybercriminal obtains your cell phone number and sends a text in an effort to get you to give away sensitive information. The use of this practice coincides with a growing trend among businesses to integrate SMS messaging systems into their operations, allowing them to communicate with clients and customers via text. For example, you might receive appointment reminders, technical support, or special offers via text message from a company to which you have provided your number. Gone are the days when the only people you would text would be people you know personally, like friends, family, or colleagues.
A cybercriminal may take advantage of this in a few different ways. He or she could pose as an employee of a company with which you do business and ask you to confirm information about your account. The recipient, however, could easily recognize this as an attempt to gain unauthorized access to an account or other important information. Instead, as with vishing, the cybercriminal may try to draw out information in conversation that, while not directly giving away a username, password, or personal details such as a date of birth or address, provides enough data to infer the information they are actually looking for.
How can I protect myself from smishing?
There are a few practices that can reduce the likelihood that you will receive a smishing attempt in the first place. Firstly, you can limit the individuals or organizations to whom you provide your mobile number to only those from whom you truly need to receive messages. This can prevent a smishing attempt that stems from an event like a data breach exposing personal information, such as phone numbers.
Another practice is to make a habit of adding the numbers of companies you do receive texts from to your contacts, allowing you to easily identify legitimate text messages from a company you use. Of course, it’s conceivable that you could receive a legitimate text message from a different number at a given company, but this makes it much easier to notice that the number differs from the one with which you have corresponded previously.
Thirdly, if you receive an SMS message that claims to come from a business or employee and asks for sensitive information, treat it with suspicion. Never give out information like your username, password, or sensitive personal details over text; most companies that do use SMS systems for their customers will not ask you for these details this way. If in doubt, call the company on an official phone number to confirm whether the communication is legitimate.
Being aware of developing threats is an important part of a complete cybersecurity strategy. We recommend keeping up to date on trends in cybersecurity to ensure that you never lose track of new threats to your business. If you’re looking for a cybersecurity partner, Cyber Sainik specializes in a variety of security services. Get in contact with us today to learn more.