Most of us have had to deal with rampant phishing emails at some point or the other, but the latest social engineering trick targets the device that we carry with us at all times – the mobile phone. SMiShing is an evolutionary form of phishing that uses text messages and SMS services to target people and extract private information.
Such messages are textbook representations of social engineering exploits that make use of a ‘bait’ and a ‘hook’. The bait is represented by any content that instantly attracts attention and instills a sense of urgency. For instance, winning a lottery worth millions of dollars is a commonly seen bait. The hook is either a phone number or a URL that the victim needs to call/text or visit respectively.
A victim who falls for the bait is then asked to submit personal details of varying nature. This includes credit/debit card details, bank account details, contact information and more. Subsequently, this information is misused in clever ways to derive monetary benefit for the attacker.
What makes SMiShing effective?
What mobile users must do
Users should be aware of the various kinds of baits that they can be exposed to. For example; a frequently used bait is one which describes that a user has been registered for a service and needs to contact a specific number or visit a certain URL to cancel the registration. Other baits mention that some amount of money has been charged and this elicits a response.
Here are some tips and points that all mobile users should pay attention to:
Attackers prey on the virtues of trust and goodwill and more often than not, it is the ignorance and carelessness of victims that lets them win. An effective solution like Quick Heal Mobile Security allows you to block spam messages and create black lists of numbers to block. As a result, SMiShing dangers are considerably reduced. Along with a robust security solution we also encourage and recommend the spread of awareness about this issue.