At this time, technology reaches all types of devices, both desktop and mobile. Furthermore, the vast majority of them have an Internet connection with the advantages and dangers that all this brings with it. Next we will talk about a type of attacks that are increasingly common and dangerous.
In fact, in these same lines we are going to talk to you about smishing, an increasingly used and common attack technique that many of you have surely been victims of without realizing it. As is usually the case, in this case what the attackers are looking for is to get hold of private data to misuse it, sell it, or even steal money from us. Below we are going to explain what it is and how you can avoid all of this as much as possible.
What is smishing and how does it reach us?
The first thing we must take into consideration is that in this specific case we are referring to a type of computer attack that in most cases reaches us through an SMS to our mobile phone. Therefore, these types of devices that we almost always carry in our pockets are the ones that are used as a means of arrival for this type of malware. In fact, we could say that this is a term that comes from the combination of SMS and phishing.
Therefore, we could affirm that smishing is a derivative of the well-known phishing attacks focused on short messages that arrive on our mobile phone. In this way, attackers send deceptive text messages in order to convince potential victims in one way or another to share personal and financial information. Precisely for all this we told you before that you have surely been victims on more than one occasion, or at least they have tried to deceive you with this attack technique.
What are the objectives of these attacks
Obviously the text message or SMS we are talking about does not come empty. It reaches us through a cybercriminal pretending to be a legitimate entity such as a social network, our bank, the electric company, a public institution, etc. All of this has the main objective of stealing private information from us that is then sold or used for some type of scam.
In most cases, this message includes a fake website where the personal data they want to steal is requested, including banking information. Here, information related to accreditation in different online services can also be included, which is subsequently sent to the attacker’s server. Thus, clicking on these fake links is when harmful software or applications are downloaded to the terminal.
And like email-based phishing attacks, these deceptive SMS appear to come from trusted sources. They also use urgency, curiosity or fear techniques to manipulate the victim so that they provide personal data almost without realizing it. This includes official documents such as your ID or driving license, platform access credentials, our Social Security number, or even bank details.
Not only that, on certain occasions the text message that we mentioned about the smishing attack invites us to call a phone number. Whether due to fear or urgency that the SMS tries to make us feel, we do not realize that it is a special rate number.
Common types of smishing
This is a type of attack that has been with us for several years trying to deceive millions of victims around the world. Hence, there are several formats to try to convince potential victims to share their private data, and they are the following:
Account verification. In this case, the potential victim receives a message where the supposedly trusted company warns us about unauthorized activities and urges us to verify the personal data of the account.
Awards. We may also receive a fake SMS in which we are notified that we have won a prize and to claim it we must provide personal information. Sometimes they even ask us for a small amount of money to collect the full amount later.
Technical support. Here users receive a message warning them of a problem with the device and they make us call a technical support number.
Bank fraud. In principle, here we receive a message from our bank warning about unauthorized or suspicious transactions and they ask us for the corresponding access credentials to our account.
Tax scams. On the dates in which we file the income tax return, SMS messages supposedly from the Tax Agency become common. These threaten sanctions and invite users to provide personal or financial data to avoid them.
This is how you avoid scams of this type
We are increasingly accustomed to this type of attacks, but there are still victims deceived by attackers. Therefore, it is preferable that we take some measures to avoid the smishing that we have told you about in these lines. The first thing is not to panic when we receive a text message of these characteristics. In case of doubt, it is always advisable to contact the entity that supposedly sent it to us to confirm its origin. For example, we can do this through the entity’s official telephone number.
It is also important to know that the Tax Agency, our electricity company or the bank will never ask us for access credentials in this way or any other way. At the same time, we should never provide our bank details even when the entity asks us for them via text message or email. What’s more, generally if we look at the Internet addresses attached to these SMS, we will quickly realize that they are not legitimate. We just have to stay calm and check the URL carefully.
