FROM PHISHING TO SMISHING | A New SMS scam wave is hitting your message box

Srinagar, Jan 21: In an era where billions of the global population own a mobile phone capable of sending and receiving text messages, cybercriminals have found a new playground for their malicious activities – SMS communication.

Known as smishing, or SMS phishing, these attacks have become increasingly prevalent, exploiting the fact that people are more likely to open an unknown SMS compared to an email from an unfamiliar sender.

Smishing attacks have become a favoured method for hackers.

According to recent statistics, nine out of 10 individuals are inclined to open an unknown SMS, providing hackers with an advantage over traditional email phishing.

Smishing attacks encompass a variety of deceptive strategies, each designed to manipulate users into revealing personal information or installing malware on their devices.

Here are the seven most common smishing attacks and how to defend against them:

Exploiting the rise of e-commerce, hackers send fake delivery notifications containing tracking links. Users are urged to remain vigilant, as legitimate delivery companies use direct links to their domains, unlike scammers who employ URL shorteners or spoofed domain names.

Leveraging financial institutions as cover, and smishing attacks create a sense of urgency regarding funds or unpaid bills. Users are advised to never click on links in such messages and instead log in directly to their bank or credit card accounts to verify any issues.

Playing on the excitement of winning, smishing attacks claim users have won a contest and lure them into clicking malicious links. Legitimate contest organisers primarily use email for notifications, making any SMS claims suspicious.

Hackers exploit the rise of two-factor authentication (2FA) by sending fake messages about compromised accounts. Users should be reminded never to share 2FA codes and consider using authenticator apps for enhanced security.

Taking advantage of tax season, hackers prompt users to click on links to settle supposed tax issues or claim fake refunds. Users are reminded that legitimate communications from tax agencies occur through email or physical letters, not SMS.

Capitalising on the desire to impress superiors, hackers use CEO fraud to manipulate employees into urgent tasks via text messages. Employees are cautioned to verify such requests through proper channels before taking any action.

Some smishing attempts are deliberately outrageous, targeting individuals who may be more susceptible to scams. While users may not be the direct targets, awareness is crucial, especially for older relatives who might fall prey to such tactics.

Defensive Measures

The most effective defence against smishing attacks is to ignore and not engage with suspicious messages.

Users are advised to trust official channels for communications from government agencies and financial institutions.

Additionally, proactive security awareness training can equip individuals and organisations with the tools to recognise and respond to various cyber threats, fostering a security-minded culture.

As hackers continue to adapt and exploit vulnerabilities in SMS communication, the importance of staying vigilant and informed has never been more crucial.