‘Tis the season (SMeaSon?) for Smishing

Feb 28, 2024 | Articles | 0 comments

 

 

If you’re like most people with a personal device, you’ve probably noticed a notable increase in the volume of SMS messages, many of which are irrelevant to your daily life. Occasionally, these may be due to innocent errors or “fat fingers” misdials. However, more often than not, they are indicative of a growing form of attack known as smishing. To grasp what smishing entails, it’s essential first to comprehend the basics of SMS messaging.

 

What is SMS?

SMS, more commonly known as texting, stands for Short Message Service and is a means of sending short messages to mobile devices, to include cell phones and smart phones.

 

Ok, so, what is smishing?

Smishing combines elements of phishing with SMS, making it a form of social engineering attack through text messages. Similar to phishing, smishing messages often use threats, incentives, or curiosity to persuade recipients to click links or call numbers, aiming to extract sensitive information.

The FCC (Federal Communications Commission) recently issued a warning about the escalating threat of smishing attacks, which are designed to steal personal information or facilitate financial scams. The FCC alert states:

“The FCC’s Robocall Response Team is warning consumers about the growing menace of robotexts. A significant rise in consumer complaints to the FCC, reports from non-governmental services that block robocalls and robotexts, and anecdotal and news reports make it clear that scammers are increasingly using text messages to target American consumers.”

Smishing attacks can vary in tactics, sometimes employing tactics like the “wrong number” ploy to prompt inadvertent clicks:

Smishing message example

Or, sometimes, they pander to more basic instincts with the promise of cash rewards:

Example of Smishing Message

If you are in the United States, the current time is ripe for an increase in a different type of SMS attacks: the political donation scam.

As we near the November 2022 midterm elections, political campaigns gain significant attention and become hot topics in the news. Hackers are well aware of this trend and leverage SMS as a tool for social engineering. They exploit our anxieties and hopes for the future, using SMS messages to tempt us into vulnerability by commenting on topics that matter deeply to us: campaign pledges regarding healthcare and education, rival candidates from different parties, economic outlooks, and even details about campaign events and fundraising appeals. A single provocative message can easily provoke an unwary recipient into making an ill-advised response, thereby putting themselves at risk:

Smishing Message Example

Smishing Example

Because politicians can and do use SMS messaging as a campaign tool, we are primed to view a text from an unknown number with less scrutiny. This means attacks like these can be especially effective.

Help protect yourself and your personal information against SMS attacks with the following quick tips:

  • If you do not recognize the text or call number, do not click the link.
  • Resist responding to the text, even if the message requests that you “text STOP” to end messages.
  • If a text is suspicious, just delete it.
  • Ensure your devices are updated to the latest software version and turn on automatic updates if available.

 

Source: https://www.sans.org/blog/tis-the-season-smeason-for-smishing/

 

About DT Asia

DT Asia began in 2007 with a clear mission to build the market entry for various pioneering IT security solutions from the US, Europe and Israel.

Today, DT Asia is a regional, value-added distributor of cybersecurity solutions providing cutting-edge technologies to key government organisations and top private sector clients including global banks and Fortune 500 companies. We have offices and partners around the Asia Pacific to better understand the markets and deliver localised solutions.