We are becoming increasingly aware of the problem of phishing, but what do we know about smishing? Hackers are always one step ahead and constantly coming up with new and creative ways to attack us!
We’re aware of the risks of downloading malicious apps, but are we sufficiently aware of the risks associated with smishing? After decades of sending fraudulent emails (spam, scams, CEO fraud, etc.), hackers are now turning to SMS fraud as well. And for good reason! Many users, while aware of the risks associated with phishing, are nevertheless less vigilant when it comes to checking their text messages.
Smishing by the Numbers
The open rate for text messages is around 95%. (Médiamétrie)
Text messages have thus become—along with email—one of the preferred communication channels used by hackers to “phish” users and/or inject malware (such as Trojans and viruses) into a digital system.
Lookout, a mobile security specialist, reports that in 2020, SMS phishing attacks increased by 37%. Furthermore, depending on the number of mobile devices involved, this type of attack can cost up to $150 million. (Source: Global Security Mag)
What is smishing?
A portmanteau of "SMS" and "phishing," smishing involves sending a message to a mobile phone that prompts the recipient to take an action, such as providing confidential information (contact details, financial information, account numbers, PINs, etc.), calling back a number urgently, clicking on a fraudulent link, attachment, or image, and/or being redirected to a malicious website.
Scammers use the same tactics as in phishing emails to trick users into taking action:
- Impersonation of trusted institutions or government agencies (banks, tax authorities, public service organizations, service providers, etc.)
- Psychological manipulation: urgency, enthusiasm, curiosity, fear, trust, anxiety, empathy…
Just as with phishing attacks, the consequences can be disastrous: data theft, identity theft, espionage, and the theft of passwords, codes, and bank details.
How can you protect yourself from a fraudulent text message?
- Be cautious if the phone number seems suspicious.
- Conduct an online search to verify whether the number is legitimate or part of a smishing scam.
- Call only valid, official numbers.
- Do not reply to text messages that imply urgency, or that ask for a code, username, or password change…
- Do not click on links, attachments, or images sent via text message. If the message comes from someone you know (a colleague, supervisor, friend, etc.) and contains an unexpected file or link, always verify it by contacting the sender directly.
- Avoid downloading or installing apps from links sent via text message.
- Never share any information, confidential data, or personal or professional information.
- Don't forward text messages (chain letters, petitions, fake news).
- If in doubt, never tap.
We know this. To this day, humans remain the weakest link in cybersecurity. This is especially true as the channels for cyberattacks—real “opportunities” for cybercriminals—continue to multiply. And indeed, forms of fraud are developing and evolving alongside technological advances: phishing, smishing, and vishing (voice phishing over the phone) are all threats that organizations may one day face and against which they must be prepared.
It is therefore imperative that people become a key asset for any organization. Surrounding oneself with informed and vigilant employees—who are aware of cybersecurity risks and trained to recognize and avoid phishing scams, regardless of how they are delivered (via email, text message, or phone)—is the key to any organization’s cyber resilience.