The Rising Threat of SMiShing reaches millions of mobile users

Most of us have had to deal with rampant phishing emails at some point, but the latest social engineering trick targets the device that we carry with us at all times – the mobile phone. SMiShing is an evolved form of phishing that uses text messages and SMS services to target people and extract private information.

Such messages are textbook representations of social engineering exploits that make use of a ‘bait’ and a ‘hook’. The bait is represented by any content that instantly attracts attention and instills a sense of urgency. For instance, winning a lottery worth millions of dollars is a commonly seen bait. The hook is either a phone number or a URL that the victim needs to call/text or visit respectively.

A victim who falls for the bait is then asked to submit personal details of varying nature. This includes credit/debit card details, bank account details, contact information and more. Subsequently, this information is misused in clever ways to derive monetary benefit for the attacker.

What makes SMiShing effective?

  • The single biggest contributory factor to the rise of SMiShing is the fact that people carry their mobile phones with them at all times. This gives attackers plenty of opportunities to send tempting messages as the receivers view the messages almost immediately.
  • A majority of mobile users are still unaware of such persistent and pervasive threats. Unfortunately, user ignorance is one of the biggest causes of the success of social engineering techniques.
  • Smartphone owners underestimate security threats pertinent to their devices and this increases their vulnerability. An effective security suite on a smartphone can prevent several threats.
  • If a victim responds to a smishing message, his phone number is validated. This leads to further targeted attacks for that number and also helps the attacker narrow down his list.

What mobile users must do
Users should be aware of the various kinds of baits that they can be exposed to. For example, a frequently used bait states that the user has been registered for a service and needs to contact a specific number or visit a certain URL to cancel the registration. Other baits mention that some amount of money has been charged, and this elicits a response.

Here are some tips and points that all mobile users should pay attention to:

  • DO NOT fall for scams, gifts and offers that appear out of the blue
  • DO NOT click on the links (for smartphones) that appear in such messages
  • DO NOT call back on numbers that claim to offer gifts and benefits
  • DO NOT panic if the SMS makes some dubious or nefarious claims
  • DO NOT fall for a fake sense of urgency created by them
  • DO check with the official website of a company for any offer that is mentioned
  • DO contact local authorities if the same number or SMS persists
  • DO be cautious if an SMS asks for personal and financial information
  • DO look out for spelling mistakes, grammatical errors or inconsistency of language
  • DO have an anti-spam solution in place and update your OS regularly
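
The bait-and-hook structure and several of the warning signs above can be checked mechanically. The following Python code is an added example, not part of the original article or of any Quick Heal product; the keyword lists, the `analyze` function and the sample messages are assumptions constructed for illustration.

```python
import re

# Bait categories come from the article; the keyword lists are assumptions.
BAITS = {
    "prize": re.compile(r"\b(won|winner|lottery|lucky draw|prize|gift)\b", re.I),
    "registration": re.compile(
        r"\b(registered|subscribed)\b.*\b(cancel|unsubscribe)\b", re.I | re.S),
    "charge": re.compile(r"\b(charged|debited|deducted)\b", re.I),
    "urgency": re.compile(r"\b(urgent|immediately|expires?|last chance)\b", re.I),
}
# Hooks per the article: a URL to visit or a phone number to call/text.
HOOKS = {
    "url": re.compile(r"(?:https?://|www\.)\S+", re.I),
    "phone": re.compile(r"(?<!\w)\+?\d[\d\s-]{7,}\d(?!\w)"),
}
# Requests for personal or financial details (assumed keyword list).
DATA_REQUEST = re.compile(
    r"\b(card (number|details)|cvv|pin|otp|password|account (number|details))\b",
    re.I)

def analyze(sms: str) -> dict:
    """Report which bait/hook signals an SMS carries and a coarse verdict."""
    baits = sorted(name for name, rx in BAITS.items() if rx.search(sms))
    hooks = sorted(name for name, rx in HOOKS.items() if rx.search(sms))
    asks = bool(DATA_REQUEST.search(sms))
    if baits and hooks:
        verdict = "likely-smishing"   # bait plus hook: the pattern described
    elif baits or asks:
        verdict = "suspicious"        # bait or data request without a hook
    else:
        verdict = "no-signal"
    return {"verdict": verdict, "baits": baits, "hooks": hooks,
            "asks_for_data": asks}

# Constructed sample messages (not real traffic; number and domain are fictional).
SAMPLES = [
    "Congratulations! You have won a lottery worth $5,000,000. "
    "Call +1 202 555 0143 to claim.",
    "You have been registered for Daily Jokes at Rs 30/week. "
    "To cancel visit http://jokes-cancel.example/stop",
    "Rs 2,499 has been debited from your account. If this was not you, "
    "reply with your card number and PIN.",
    "Hi, running 10 minutes late, see you at the cafe.",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(analyze(text)["verdict"], "|", text)
```

Keyword matching of this kind only surfaces messages for a closer look; the third sample shows a message with no URL or number that still asks for card details.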

Attackers prey on trust and goodwill, and more often than not it is the ignorance and carelessness of victims that lets them win. An effective solution like Quick Heal Mobile Security allows you to block spam messages and create blacklists of numbers to block. As a result, SMiShing dangers are considerably reduced. Along with a robust security solution, we also encourage and recommend spreading awareness about this issue.

Rahul Thadani



12 Comments


  1. Thanks for the information. Does Quick Heal provide a solution for the Samsung Galaxy Tab 2 310?

    • Rahul Thadani, September 7, 2012 at 10:18 AM

      Hi Akshay,
      You can utilize Quick Heal Mobile Security for Android based tablets. You can either purchase the same from the Quick Heal website or purchase it from Google Play.
      Thanks.

  2. Information is clear, crisp, well organized and useful.
    Please keep updating us.

  3. Thank you so much for the information. I am telling everyone to read this blog. Great work.

  4. Thanks for giving such good advice.

  5. Rakesh kumar, September 7, 2012 at 1:49 PM

    Thanks for information about the hidden threat of mobile.

  6. Thanks for the Info……!!!

  7. There are so many SMSes and emails that come with enticing awards. When I try to unsubscribe from the email, their website comes up. How do I block or unsubscribe from these emails? Or just delete them?

    • Rahul Thadani, September 18, 2012 at 10:30 AM

      Hi Taka,
      It is best to just delete and ignore such mails. In many cases, when you try to unsubscribe you acknowledge the legitimacy of your email account.

  8. Hey!! I have recently received many messages asking me to give my personal info to them as I have a certain amount of money in some lucky draw... Another message comes to my mobile very often in which a girl asks me to talk to her after 8 pm... I am aware that both of them are some kind of spam and wanted to know whether I should forward these messages to 8600044733 directly, I mean without adding anything (such as my name, the number from which I have been called, etc.)?
    Note: The number of the party who wants me to call at night always starts with 5432****** !!

  9. Brajesh Kumar, October 11, 2012 at 4:01 PM

    Good…
