Everything You Need To Know About "Smishing" | Threatadvice

What is “Smishing”?

SMS phishing, known as “smishing,” is a phishing attack through SMS messaging. These attacks look like text messages from reputable companies that ask their targets for personal information or to click a malicious link.

98% of SMS messages are read within one second of being received. 

This statistic makes SMS phishing very attractive to scammers and hackers. SMS phishing has been on the rise due to the rapidity of text messages and the simple fact that most people own smart phones with the capability to fill out information and click links. Many businesses and institutions have started sending confirmation links and messages through SMS. Cyber criminals have taken advantage of this and turned it into an easier way to breach personal information and businesses’ confidential data.

Defend Against Smishing

The importance of education and prevention against SMS phishing attacks and breaches is just as important as any other cybersecurity measure that you or your business is already taking. These attacks can be even less suspicious than email attacks and other forms of cyber security breaches because they are becoming so common and people are so quick to open them. Hackers will use your bank or mailing service to send messages that look legitimate to you. Beware of unsolicited text messages that appear to come from a bank or mailing service.

Cybersecurity practices against SMS phishing lines up with practices you take against email phishing scams. It is important to remember never to give out personal or financial information to unsolicited or unknown sources, especially over the phone. This cannot only put yourself at risk, but also your business or workplace. Employees clicking links that have access to company databases, company information, or even company emails can cause a breach.

Education is Key

Education, just like an email fishing scams, is the key to defending against SMS phishing attacks. Through cybersecurity training people and employees will know how to handle an SMS phishing scams when they do receive them. So many SMS phishing scams are disguised as bank institutions or even mailing institutions that feel official. Knowing the proper steps to take is crucial.

What should you do when you receive an SMS Phishing Scam?

Some tips when it comes to protecting against SMS phishing line up nearly one to one with protecting against email phishing attacks. Traditional cyber security training for phishing attacks can translate over to training for SMS phishing attacks.

1. Never give out personal information.
2. Do not click unsolicited links.
3. Read the message closely. Check for spelling errors and grammar mistakes.
4. Look into the sender‘s telephone number. Check to see if the phone number matches the company’s phone number. If you have received legitimate SMS messages from that company or institution before, check to see if the phone number matches previous messages you have received.
5. Check for verbiage such as “act fast” or sign up now or any language that is pushy, encouraging a quick action.
6. When in doubt, give a call to the institution to inquire.

More insight to SMS Phishing can be found in this episode of NXT Up! with Ben Halbrooks and Ryan Whitley from NXTsoft.

Take Preventative Action

People give out information over the phone like they never have before and feel confident in smart phones’ abilities to relay important information and important data. It is increasingly more important to focus on the cyber security side of mobile phones and smart phones to keep that information and data protected from cybercriminals.

ThreatAdvice by NXTsoft has always provided an email phishing simulation for businesses to train employees on cybersecurity practices and prepare them for a real phishing attack. ThreatAdvice now offers an SMS fishing simulation which can be pivotal in cybersecurity practices in training employees on how to handle these "smishing" attacks.