If you’re like most everyone with a personal device, you’ve seen a significant uptick in the number of SMS messages, with too many not pertinent to your life. On occasion, these could be wrong numbers that we can chalk up to honest mistakes or “fat fingers.” But more frequently, these represent an increasingly common type of attack referred to as smishing. To understand smishing, we must first understand SMS messaging.


What is SMS?

SMS, more commonly known as texting, stands for Short Message Service and is a means of sending short messages to mobile devices, to include cell phones and smart phones.


Ok, so, what is smishing?

Smishing is a type of social engineering phishing attack using SMS. Think of smishing as a combination of phishing and SMS. Similar to phishing scams, smishing messages typically include a threat, enticement, and even curiosity to click a link or call a number, often with the goal of getting you to hand over sensitive information.

The FCC (Federal Communications Commission) recently published a warning on the rising threat of smishing attacks, attacks aimed at stealing personal information and/or for financial gain and scams. The alert published by the FCC reads:

“The FCC’s Robocall Response Team is alerting consumers to the rising threat of robotexts. Substantial increases in consumer complaints to the FCC, reports by non-government robocall and robotext blocking services, and anecdotal and news reporting make it clear that text messages are increasingly being used by scammers to target American consumers.”

Smishing attacks can take many forms. Sometimes they can leverage the “wrong number” trick to elicit a mistaken click:

Smishing message example

Or, sometimes, they pander to more basic instincts with the promise of cash rewards:

Example of Smishing Message

If you are in the United States, the current time is ripe for an increase in a different type of SMS attacks: the political donation scam.

Remember, hackers read the news too, and are very aware of upcoming and trending events. As we approach the midterm elections of November 2022, political campaigns become increasingly prominent, newsworthy, and a focus for many. Hackers know this and use SMS to feed on our fears and desires for the future. Utilizing SMS as a social engineering tool, hackers tempt us to be vulnerable and comment on many topics important to us: campaign promises related to health care and education, other candidates from opposing parties, job and market future outlook, and even campaign rallies and fundraising requests. You can imagine how a few of these attempts might prompt a recipient to inappropriately react and put themselves at risk:

Smishing Message Example

Smishing Example

Because politicians can and do use SMS messaging as a campaign tool, we are primed to view a text from an unknown number with less scrutiny. This means attacks like these can be especially effective.

Help protect yourself and your personal information against SMS attacks with the following quick tips:

  • If you do not recognize the text or call number, do not click the link.
  • Resist responding to the text, even if the message requests that you “text STOP” to end messages.
  • If a text is suspicious, just delete it.
  • Ensure your devices are updated to the latest software version and turn on automatic updates if available.


Source: https://www.sans.org/blog/tis-the-season-smeason-for-smishing/


About DT Asia

DT Asia began in 2007 with a clear mission to build the market entry for various pioneering IT security solutions from the US, Europe and Israel.

Today, DT Asia is a regional, value-added distributor of cybersecurity solutions providing cutting-edge technologies to key government organisations and top private sector clients including global banks and Fortune 500 companies. We have offices and partners around the Asia Pacific to better understand the markets and deliver localised solutions.