The bad actors are at it again, this time taking their phishing schemes to text messages. Just this week, I received my first two. And just this week, Digital trends posted an article about this very subject. It seems that the decline in using traditional email in favor of cell phone alternatives is cutting into the bad guys’ revenue. So, they have taken their black arts to text messages.
Here’s the second text I received. The first was something about I have earned a reward for being a nice person, or some such nonsense. Hey, I am a nice person much of the time but, how would this anonymous source know that?
The article says this new social engineering attack has a new name, smishing which is a mash-up of SMS phishing and it uses all the same tricks as email phishing. The texts can be random, such as the one I show in this article, or they can appear to be from a legitimate source like a bank or the government. Apparently, these attacks are a real concern in Canada and the UK during tax time when they appear to be from the government.
The objective of the smishing attack is to get people to click the link which then downloads malware onto the phone. Smartphones have a lot more information about us than our PCs, so getting inside a person’s phone can be a goldmine. The malware can have various purposes, but personal data collections are top of the heap in most cases.
How do you defend yourself and your information against smishing? The same way you do against phishing. The best defense is don’t click anything. Seriously. Even if it looks legit, why would a company or government agency contact you like that? Don’t reply back to opt out either. That verifies your phone number as valid, opening you to further smishing attempts.
Delete the text and, if you are concerned, research the message, look up the phone number, go to the real company’s website to see if they are trying to connect with you, and so forth. Think about antivirus / anti malware software for your smartphone. Android phones are more susceptible to these attacks because their OS is open source but, as we have written elsewhere, Apple phones aren’t immune.
Be prudent about signing up to receive automated texts. If you do this a lot, you’ll find it harder to distinguish friend from foe. I only want texts from friends and my power company. In the latter’s case, they give me updates on outage restoration efforts. Otherwise, anything else is like to be a scam or junk and gets the boot. Be careful with texts from friends, though. If malware grabs their phone book, the bad guys can send you their dirty work under the guise of someone you know.
Let’s recap. Malware is being sent via texts containing links they hope people will click. Do not do it! Verify independently of the text if it seems like you should. Do not respond to the text in any way. It proves your number is active. Get some protection for your phone in the form of anti-everything apps.
If you are also looking for the most secure solution for communications you initiate, check out CRIP.TO. Our unique blend of hardware, software, and stack of services offer regular people, companies, and groups an end-to-end, secure communication solution that rivals what the government and military have. You deserve the right to communicate fearlessly. CRIP.TO can give you the protection to do precisely that.