Smishing, phishing and vishing: Whatever the terminology, don’t fall victim to hacker trickery
By Kutlwano Mogatusi
WesBank marketing specialist.
When people think of phishing attacks, distinctive images come to mind: a suspicious email, a link that looks dubious, and, undoubtedly, the stress that follows. But like all cyber trickery, phishing attacks continue to advance in intricacy and refinement.
As more and more people use their cell phones for both personal and work-related activities, smishing is becoming a major threat. It is, therefore, no surprise that recent trends show a noticeable uptick in ‘smishing’ attacks. This form of phishing is when hackers use text messages to attempt to gain sensitive user information.
Proofpoint, a security software company in the US that processes more than 80% of North America’s mobile messages, reported that only 23% of users over the age of 55 had been able to correctly define smishing, with millennials not doing much better. Only 34% of people aged between 23 and 38 years old indicated any understanding or awareness of the term.
Because people are increasingly becoming attached to their mobile devices, it should come as no surprise that the number of smishing attacks has risen steeply in recent years. It has been reported that smishing attacks increased by 328% in 2020. It is believed that while genuine authorities used SMS messages to communicate about COVID-19-related information such as vaccine options, lockdowns, and COVID-19 safety protocols, hackers became active in replicating pandemic-related content to manipulate people into sharing sensitive information with them.
In simple terms, smishing, or SMS phishing, is one of the easiest ways for hackers to steal user information.
In common with phishing, which uses email as the preliminary approach, and vishing, which uses phone calls, smishing uses your phone’s text messages. It is important to note that a cell phone could be either a smartphone or a traditional non-internet connected mobile device. Smishing deceives people into taking further action that leads to being swindled.
WesBank recommends that before clicking any SMS-based link, you should always check if you recognise where the message is coming from. Remember that the bank or any genuine business will never ask you for personal or sensitive information via a text message. Ensure that you do not click on any hyperlinks that appear in the message. Should you be directed to a website, ensure that you have all the necessary web filters that alert you to any malicious content. It is also important to bear in mind that smishing is not only limited to messages sent via SMS. WhatsApp, Facebook and other social media messaging platforms or services are potentially harmful and could make you vulnerable.
Here are a few things to keep in mind to help protect yourself:
1. Do not reply. Hackers rely on your interest or concern over the circumstances conveyed in the message. The best guidance is to refuse to participate. By responding, you could be manipulated into revealing personal information that could land you in deep financial distress.
2. If a message is marked urgent, take a deep breath and try to remain calm. Approach any urgent updates and limited time offers as possible attempts at smishing. Remain unconvinced and proceed with caution.
3. Call your bank or the retailer directly if concerned about a message involving your vehicle finance. WesBank, legal institutions and businesses do not request specific account details or login information via text.
4. Do not click on any links in a text message. Be 100% certain that they are authentic.
5. Check the phone number. Strange looking phone numbers, such as 4-digit ones, can be evidence of email-to-text services. This is one of many tactics a scammer can use to mask their true phone number.
6. Think before taking any action when replying to text messages.
7. Identify offers that look too good to be true.
8. If in doubt, call the company or individual from whom the text claims to have been sent, to check its validity.
9. Financial Services Smishing is cloaked as a notification from a financial institution. With the growth of online banking and a flurry of digital services, financial services are more vulnerable to both generic and institution-specific messages. Tactics of a financial services smishing scam could include an urgent request to unlock your account, being asked to verify suspicious account activity, and more.
10. Use multi-factor authentication (MFA). An exposed password may still be useless to a smishing attacker if the account being breached requires a second method of verification. MFA’s most common option is two-factor authentication, which often uses a text message verification code.
11. Never provide a password or PIN via text. Never communicate this information to anyone, and only use it on official websites.
12. Download an anti-malware app. There are specific products for Android and iOS phones that can protect you against malicious apps as well as SMS phishing links.
13. Formally report any SMS phishing attempt to the institution it involves.
The good news is that the potential consequences of smishing attacks are easy to protect against. The best way to keep yourself safe is by not reacting to the text and doing nothing at all. Simply delete the suspicious message. Essentially, these attacks can only harm you if you follow through and take the bait.
Of course, it is important to know that text messaging is a genuine business practice and a means for many retailers and institutions to reach you. Not all messages should be disregarded, but irrespective of the situation or message, you should always act safely.