Smishing is a type of phishing that has been around for a long time but has become more prevalent and dangerous in recent years. We're taking a look at what a smishing text is and how to prevent smishing from being dangerous to you.
What Is a Smishing Text?
Most people have heard of phishing scams. Phishing is when a cybercriminal sends you an email trying to tempt you to click on a link and enter some personal details or click on an attachment to infect your computer with some type of malware.
Smishing is very similar to phishing, but rather than emails, it involves text messages. We've already taken a look at how to spot phishing emails, and the steps are very similar for spotting smishing texts.
Cybercriminals send text messages to your phone to try and tempt you to click on a link. Unfortunately, when you click on the link, it's the same as phishing - you will be lured into entering personal information so criminals can steal money from you. This is why it's dangerous and why it's so important to know how to prevent smishing.
Rise in Popularity
There has been a huge rise in the number of smishing attempts in recent years. To understand why, you have to look at SMS messages' read and response rates compared to emails.
According to Gartner, 98% of text messages are read, and 45% receive responses. Comparatively, email open rates are relatively low, averaging around 20%. This makes the overall results of a phishing campaign relatively low-performing, whereas a smishing campaign can be much more successful.
Where there is a weakness, cybercriminals will take full advantage. We've seen plenty of smishing attempts pretending to be COVID-related, as well as texts from banks, courier services and payment portals like PayPal.
Can you really learn how to prevent smishing? No, not really - like email phishing, it's really hard to stop the messages coming through completely. The important part of smishing prevention is to educate yourself on how to handle them so that they can't scam you.
1. Don't Click on Any Links
The first tip for how to prevent smishing is to take a breath and not rush into clicking onto any links. These text messages are designed to make you want to click and fast. Many of them tell you that if you don't act quickly, you'll lose money or that you've been hacked, because those are most likely to make us panic. However, if you take your time and look at the content of the message and, in particular, the link itself, you will soon know that it's a scam.
This message is one that Jonathan, our managing director, received recently. The domain in the link is 'relieve.com'. If you visit this site – we did it for you, so you don't have to risk it! – it takes you to a Spanish website that sells panes of plastic. Not exactly what you would expect when trying to claim money from the NHS.
If you have already clicked a link and entered personal information, such as bank details or password information, then you must act quickly. Phone your bank or change your password for any applications that may have been or might still be compromised.
2. Don't reply to messages
The second tip is not to reply to these messages. Sometimes we get a text message which says something like 'If you no longer wish to receive these messages, please send the word STOP' - don't do that, even if it sounds like easy smishing prevention.
Replying might actually result in you receiving even more of these messages; scammers might not know if these numbers are live or not, and when you reply, you confirm that yours is.
Of course, this smishing prevention advice is only for people or businesses you don't recognise or to whom you haven't provided contact information. Some legitimate companies do employ SMS marketing techniques. If you recognise the company or were expecting the text, you should be able to safely use the 'reply with STOP to unsubscribe' function.
3. Phone the company
This is the easiest way to check if a message is legitimate or not and an important step in how to prevent smishing. If you receive a text message supposedly from an organisation, all you have to do is find the organisation's contact information online – don't use the number from the text – and contact them through their official channels.
If the text is real, they'll be able to confirm it. If it's not, many larger organisations will have a smishing prevention protocol to report the text, so others are less likely to be scammed. To report a smishing text yourself, you can simply forward it to 7726 – this will flag it to your service provider.
4. Don't install any apps
Smartphones can become infected with malware just as easily as computers. Sometimes you will get a text message asking you to click on a link to download an app to your phone. Don't do it.
Like in phishing, when scammers want you to install malware onto your computer, the scammer wants you to download something that could allow them to do a whole host of things like steal money, remove data or make unauthorised purchases. Only install apps you trust from the official App Store or Google Play.
What if My Phone Gets Infected?
If you have clicked on a link that you think might have been suspect, or you have reason to believe your phone might be infected with malware, there are a few signs you can look for:
- Excessive memory usage
- Battery draining more quickly than you would expect
- Pop-up messages while using your smartphone web browser
If you think your phone is infected, your best bet is to make sure you have a backup of your photos, contacts and other information, factory reset the phone and start again.
Cybersecurity doesn't end with computers – any technology is liable to face hacking and malware, and the ways of going about it are only getting more sneaky. We hope you feel more confident in identifying what is a smishing text and what is not.
If you're concerned about how to prevent smishing in your business, please get in touch with us today – we offer cybersecurity and consulting services to keep your business safe. For more security tips and tricks, including how to recover from ransomware if you get infected, check out our blog.