Smishing Awareness Training

Introduction to Smishing scams

In 2006 the term Smishing was coined to define a type of phishing attack carried out via SMS text messaging. This type of attack has remained relatively obscure until recent years: over 300% of SMS-based scams have been reported after 2020. Consequently, we are all potentially victims as owners of at least one mobile device. Compared to phishing sent via email, smishing is much more direct because we use messaging or SMS applications much more often than email and also the messages are displayed directly on the device.

Description and consequences of Smishing scams

Have you ever received SMS’s from numbers not in your phonebook that pretend to be well-known brands or banks and invite you to click on a link, download an application or dial an unknown number? If the answer is yes, you have probably been the victim of one of the most common examples of smishing!

Smishing is the union of the words phishing and SMS and can be delivered via text messages and instant messaging applications. The intent of the attackers is to obtain sensitive and confidential information from the victims.

We have two main types of smishing

• SMS regarding orders, refunds or cancellations with the aim of deceiving the user, who falls into the trap, calls the number and provides personal data.
• SMS that contain links to access a malicious web site aimed at stealing the user's digital identity, personal or banking details.

The goal of these malicious scammers is to have access to your sensitive data, to infect your device with malware or to extort money from you.

Why we fall for Smishing scams

98% of text messages are read and 45% are answered: this is one of the reasons why Smishing is a very common practice. Also, people know some of the risks that can be hidden in emails, but they underestimate those related to SMS messages. 

Finally, we often use our mobile phones while we are distracted or in a hurry so we are not always ready to perceive a potential risk, which can also come from tools we use daily such as SMS or chat.

As for Phishing, Smishing also uses psychological lure such as fear and urgency that generate reduced clarity of thought.

Prevention (how to not fall for Smishing scams)

How can you recognize this type of SMS scam?

1. It almost always comes from an unknown number.
2. The SMS will tend to ask you to send money to someone, click on a link, download an application or software, respond by providing personal data, call an unknown number, redeem a reward.
3. Very often it contains an urgent request.
4. The URL address to click tends to have strange characters and does not match that of the institution, a Bank for example.

It is almost impossible to avoid receiving Smishing messages, but what to do to avoid falling victim?

1. Do not reply to a message from a number that you do not recognize or that seems suspicious to you. 
2. Do not click on a link or phone number of an unknown SMS. Look for the number or link on a search engine to potentially find out if it refers to an illegitimate activity.
3. Never share your passwords, no serious bank or institution would ask you for sensitive data via SMS.
4. Protect your phone number online by not sharing it on social media or websites.
5. Equip your device with security software.

Conclusion

You are now better prepared to recognize this type of attack! Think carefully before answering an SMS!