Cybercriminals no longer attack only computers through email phishing; more recently, mobile phones have become a massive target for these hackers. Smartphones have grown rapidly in popularity over the years, and almost everyone now has one, whether it’s Apple or Android.
Phones are an ideal target for these cyber-criminals. Many people may be very new to using a smartphone and therefore much more susceptible to falling victim to a scam; people are 10x more likely to respond to a text than an Email. According to CNBC, in 2021, 30 billion dollars was lost to phone scammers in America, and in the UK, 45 million people fell victim to phone scams in the same year.
Text phishing, also known as SMS phishing or smishing, is when a hacker sends a phishing text to your phone. It works similarly to phishing emails: the sender tries to lure you into clicking a link that downloads malware onto your phone, or to convince you to respond with personal details such as bank details or account logins. We all use our mobiles to store personal and private data, so how can we keep these secure?
The first method of smishing that we will be discussing is fake website links. Attackers will send text messages with fake website links that look real. These clone websites are difficult to tell apart from the legitimate ones. If you get an unexpected text with a link about an account for a website, whether or not you use that website, do not click on the link. Clicking on the link could automatically download malware onto your phone without you entering any details. Even if malware is not downloaded, entering your details gives cyber-criminals access to more information that may enable them to steal money, open credit cards and much more.
Another method that cyber-criminals use is the impersonation of colleagues or familiar friends. They may have done background research on your employer or online friends and attempt to replicate their details, such as name and email address. If something seems wrong, like a new phone number or wording that doesn’t sound right, it is most likely not the person you know but a scammer pretending to be them. Please do not click on the link that has been sent to you unless you are certain and have confirmed with your colleague or friend via another form of communication (phone call or face to face) that it is indeed them. Many people cannot even tell that they are being scammed this way, as they do not take notice of the way a friend texts or of their number, but to ensure your cyber safety, you need to take care.
Whale Spear Phishing
This specific form of smishing is aimed at high-profile executives or CEOs. Texts such as these pose as business associates, clients or employees of the business and usually come in the form of an invoice or payment that ‘requires’ urgent attention, to rush the receiver into giving the cyber-criminal their bank details or supposedly confirming them. This preys on the fast pace of modern life and technology: the false sense of urgency prevents the victim from stopping to think and assess the text and its contents. Always check that the sender is valid, and take the time to check with the supposed sender by a method other than the number you received the text from.
If you receive a text that you aren’t expecting, claiming you have a package being delivered or containing a link to ‘track your parcel’, do not click on the link. This may also be a scam. It often happens around the holidays, when many different parcels may be delivered by different couriers from different brands or stores that people have bought from. It can be very confusing and, therefore, much easier to fall victim to scams during this period. If you wish to track any parcels that you have ordered, use the original website that the package was ordered from, not a text that has been sent, as many of these texts are almost identical to the real thing; staying safe is better than being sorry.
This is a form of smishing that is done over voicemail (voice phishing or vishing), where the cyber-criminal leaves a voicemail asking for a call back, again to confirm bank details, personal information and account logins. Do not call the number back if you don’t recognise the company name. If the caller sounds realistic, contact the business or bank on the number shown on their legitimate website rather than the one given in the voicemail. By talking to customer care or representatives, you can confirm whether the call was genuine. If the call was to confirm any account details or bank details, it is undoubtedly a scam, as banks and companies do not do this; they already have your information if they need it.
To summarise, here are the main things to look out for:
- ‘Urgent’ security alerts
- Deals or gift card redemptions
- ‘Update your account information’
- ‘Update your PIN’
- Businesses or banks requesting that you follow a link
- A number that isn’t recognised or looks suspicious
- Do not save credit or debit card details to your phone!
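
The checklist above, together with the earlier advice to rely only on the original website, can be turned into a simple message triage check. The following is an added example, not part of the original article: the function names, the regular expressions, the example domains and the phone numbers are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Checklist items from the article; the regexes are illustrative, not exhaustive.
INDICATORS = {
    "urgent_alert": re.compile(r"\b(urgent|immediately|suspended|security alert)\b", re.I),
    "deal_or_gift_card": re.compile(r"\b(gift ?card|redeem|prize)\b", re.I),
    "update_account": re.compile(
        r"\b(update|confirm|verify)\b.{0,30}\b(account|details|information)\b", re.I),
    "update_pin": re.compile(r"\b(update|confirm|reset)\b.{0,20}\bPIN\b", re.I),
}
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.I)

def link_hosts(text):
    """Return the lower-cased hostname of every link found in the message."""
    hosts = []
    for raw in URL_RE.findall(text):
        raw = raw.rstrip(".,;:!?)")          # drop sentence punctuation after the link
        url = raw if "://" in raw else "http://" + raw
        host = urlsplit(url).hostname
        if host:
            hosts.append(host.rstrip("."))
    return hosts

def triage(text, sender, known_senders, trusted_hosts):
    """Return the list of warning flags a message raises (empty list = none)."""
    flags = [name for name, rx in INDICATORS.items() if rx.search(text)]
    for host in link_hosts(text):
        # Match the exact name or a true subdomain, never a substring:
        # "bank.example.secure-login.test" must not pass as "bank.example".
        if not any(host == t or host.endswith("." + t) for t in trusted_hosts):
            flags.append("untrusted_link:" + host)
    if sender not in known_senders:
        flags.append("unknown_sender")
    return flags

# Constructed sample data (reserved example domains and test phone numbers).
KNOWN = {"+447700900001"}
TRUSTED = {"bank.example"}
SAMPLES = [
    ("+447700900123", "URGENT: update your account information at "
                      "http://bank.example.secure-login.test/verify"),
    ("+447700900001", "Your statement is ready: https://www.bank.example/statements"),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(sender, triage(text, sender, KNOWN, TRUSTED))
```

A flagged message is a prompt to verify through another channel, not proof of a scam, and an empty result does not prove a message is safe.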
Although having a work phone can be massively beneficial in many areas, if someone were to fall for a smishing attack while using a work phone, they would risk losing the business’s data and financial information, or even compromising the business’s IT networks. Employees and staff should all be educated on cyber security threats such as phishing, no matter what form they may come in. Being able to recognise a potential threat is essential, as is following through to avoid it and report the issue to the relevant people.
The best thing to do is to do nothing. Please don’t click on it, don’t look at the link, don’t contact the sender and do not give them any details or data. Block, delete and move on. There isn’t a way to prevent getting Phishing attacks, only a way to avoid falling for them. Our phones are very vulnerable even though they are so advanced. We need to stay educated and protect ourselves.