Have you ever received a text message stating a problem with a recent order you made online (say, with your Paypal or Amazon account) and instructing you to click on a link to help resolve the issue? If so, you have very likely been the target of phishing SMS scams (known colloquially as ‘smishing’ or ‘SMiShing’.
SmiSHing is where a hacker sends a text (or SMS) that asks the recipient to click on a link (as in the example above). Two things usually happen if the link is clicked:
The link will redirect the recipient to a website that will attempt to download malware onto their device that will be able to track the recipient’s online movements.
The link will redirect to a fake website that asks the recipient to input their private information onto a fake web form (also known as a phishing form). Hackers actually control this webform, although it will look identical to a form that the recipient has seen before (such as a PayPal login).
The hacker is using the SMS to extract sensitive information from the recipient, such as their social security number, insurance information, or credit card number. The SMS scams will often claim that there will be negative consequences if you do not follow the link, such as your credit card being blocked, your account being locked, or your utilities being shut off.
It Became Easy for Hackers to Steal Personal Data
Smishing can be an easy way for a hacker to steal data from a user because the user is literally handing over their private information to the hacker. It has also become increasingly accessible as we rely on our phones in our daily lives, particularly in our finances. In fact, the number of smishing attacks has drastically increased over the last few years. In 2020 alone, smishing attacks rose 328%. Telecommunication companies are struggling to catch up with the increasingly sophisticated ways in which hackers can exploit people through these SMS scams.
If you are concerned about smishing, we have compiled three essential tips to help you avoid falling victim to an SMS scam.
Don’t Reply to the Message or Call the Number
The number one rule for smishing SMS scams is to never reply to the message or call the number that sent the text. One way in which hackers try to convince you to reply is to include a phrase like “text ‘stop’ to stop receiving messages”. If the message is a scam, then replying to the number may result in more messages being spammed into your phone.
The same is also true of calling the number. Hackers often won’t know that the number they’re sending the text to is active. If you phone the number that sent you the text, you will signal to the hacker that the phone is active. This will lead the hacker to continue, and possibly increase, the number of spam messages you receive.
The most effective option in such a situation is to block the number immediately. While some phones do not include phone blocking in their software, several apps out there specialize in number blocking. Invest in one of these apps if you are able to, and you will be able to filter out the spam messages that you receive. Another effective way is to identify the person by looking up the phone number before you call or message. Always remember to be cautious of unknown numbers.
Don’t Click Any Links
Smishing can be a subtle game. Most of the time, a hacker doesn’t need you to provide them with passwords, social security numbers, or pins. All they really need to do is get you interested enough to click a link that will result in a virus being downloaded on your phone. If you do click on a phishing link, your mobile device will likely become infected. Because these viruses are designed to stay hidden, you might not even realize your phone is infected. However, there are several signs that your phone has been infected. These include:
Your phone is heating up excessively.
Unsuspected memory usage on your phone.
Pop-up messages occur when trying to use your phone’s web browser.
If you have clicked on a link for a suspected SMS scammer, installing an antivirus app on your phone that can scan your device is best. Although the virus may have already been successfully extracting private information from the phone, it is still well worth finding a way to remove the virus before more harm is done.
Antivirus apps are generally an excellent preventative measure that can help prevent smishing attacks from occurring in the future. A good antivirus app will block virus installation attempts, as well as block unsafe websites.
Search the Number and Message Content Online
If you receive a message that looks like a smishing scam, but you are unsure either way, a suitable verification method is to type the number or the message into a Google search. Likely, you are not the first person who has received the message. If that is the case, you’ll probably find other people posting on various scam number websites. Use a site like 800notes.com. Doing so lets you vet the phone numbers of potential smishing attacks.