Smishing (SMS Phishing) – Cyber Crime Alert
April 10, 2017
Hopefully, by now, most of us will be aware of and – with any luck – wise to ‘phishing’ email messages, web-links or suspicious phone calls.
Whether having learned the hard way, or through the misfortune of others, we know not to click links in suspicious emails and to treat correspondence from banks, government departments or competition ‘wins’ with utmost scepticism.
What is Smishing?
‘Smishing’ or SMS Phishing is essentially the same as traditional phishing scams, only would-be cybercriminals use your cellular phone or other mobile device as a conduit to gain access to your precious data or to offload a virus or malware.
So, the obvious course of action is as simple as it is effective – ignore anything even remotely odd received via SMS…especially if it appears to have come from your bank or building society.
If only it were that easy!
Ignorance is our weakness
As a relatively new phenomenon, Smishing is at its most potent when the majority of potential victims (all of us) are casually unaware.
This was shown to be true last month (March 2017) when three Santander customers were hit by Smishing fraudsters who got away with nearly £40,000. Another story emerged in February of a Santander customer who lost his life savings in an incident where mistakes were made by the bank as well as the unfortunate victim.
The one element of Smishing attacks which is somewhat ingenious – in the most heinous way of course – is that, unlike fraudulent emails, smishing SMS messages use number spoofing tactics and viruses to appear in existing message threads.
Most of us will be used to receiving the odd text message from our bank so it’s hardly a stretch to imagine a new message in a genuine thread slipping through the net.
What’s the worst thing about Smishing?
As a number of publicly reported Santander victims have found out, because of the ‘compliant’ nature of a Smishing attack, in which victims essentially authorise fraudsters to access their accounts, the bank is not legally obliged to reimburse any lost funds.
An absolute nightmare situation, I think you’ll agree.
What’s your best form of defence?
The answer really is simple – just do the following and we’ll all be as safe as the days when we kept our cash in a mattress in the spare room…
TREAT ALL EMAILS AND TEXTS FROM YOUR BANK WITH THE ULTIMATE SUSPICION
The only way to be sure that correspondence from our banks or other authorities, such as the HMRC – I recently received an email alerting me to a tax rebate I was apparently owed…too good to be true! – is genuine is to call official numbers and enquire.
I must admit I have received some very convincing phishing emails in the past and, if caught off-guard, could quite easily have hit a link and opened myself up to a world of pain – it’s that easy. Take a look at this one, seemingly from Apple…
Assumptions of legitimacy are the mother of all mistakes.
You’re much better and safer to assume that the well-dressed salesman at your door has a shed-load of snake oil to get rid of!