Pay Attention to Smishing, the Latest Cyber Threat to Your Phone

Remember when sending and receiving ringtones and pixelated drawings on your Nokia 3310 was all the rage? We understand that some of you were probably too young at the time, but you must have at least seen pictures of the legend that was the 3310, and now that the image comes back to your mind, you can appreciate just how much mobile phones have evolved over the last couple of decades.

Indeed, back in the day, mobile phones gave you little more than a way of communicating on the fly and, of course, countless hours of entertainment playing Snake II. Nowadays, mobile phones are used for shooting photos, playing music, transferring files, and opening Internet links. This last functionality has given rise to smishing, a new threat targeting smartphone users.

Those of you with an interest in cybersecurity have probably figured out what smishing is. It stands for "SMS phishing," and if you know how phishing works, you should have no problems learning what smishing does.

How does smishing work?

Smishing attacks leverage the fact that organizations you do business with might sometimes use text messages to communicate with you. In most cases, we're talking about banks, though we have seen smishing attacks targeting users of a whole host of services. The hackers first put together a login page that looks like the one that belongs to your service provider. Then, they either host it under a domain they've bought, or, and this is the more likely scenario, they compromise a poorly secured website and put it there.

Finally, they send you a text message containing a link to the fake login page, hoping that you'll first follow it and then enter your username and password, which, as you can imagine, will be relayed to them. Criminals often use scare tactics to urge you into action in the hope that you'll be in too much of a hurry to spot any warning signs.
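
The warning signs described above (a link whose host is not the provider's own domain, plus wording that rushes you) can be checked mechanically. The following is an added example, not part of the original article; the bank domain, the urgency word list and the sample messages are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the (hypothetical) bank really uses for customer logins.
TRUSTED_DOMAINS = {"examplebank.com"}
# Assumption: a small sample of pressure wording, not an exhaustive list.
URGENCY = re.compile(
    r"\b(urgent|immediately|suspended|locked|verify|within \d+ hours?)\b", re.I)
URL = re.compile(r"\b(?:https?://|www\.)[^\s<>]+", re.I)

def link_host(url):
    """Return the lower-cased hostname a link would actually connect to."""
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    # urlsplit discards any "user@" prefix, so bank.com@other.example -> other.example
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_trusted(host):
    """True only for a trusted domain itself or a genuine subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def triage_sms(text):
    """Return the list of warning signs found in one SMS body."""
    findings = []
    for raw in URL.findall(text):
        host = link_host(raw.rstrip(".,;:!?)"))
        if not is_trusted(host):
            findings.append(f"link host not owned by the bank: {host}")
    if URGENCY.search(text):
        findings.append("urgency wording")
    return findings

# Constructed sample messages: a genuine notice, a lookalike domain with
# scare tactics, and a page planted on an unrelated (compromised) website.
SAMPLES = [
    "ExampleBank: your statement is ready. Log in at "
    "https://online.examplebank.com/statements",
    "URGENT: your ExampleBank account is locked. Verify now: "
    "http://examplebank.com.secure-login.example/auth",
    "ExampleBank alert, confirm your card: "
    "https://examplebank.com@smallshop.example/wp-content/login.html",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage_sms(sms) or "no warning signs", "<-", sms[:45])
```

Note that the second and third samples both contain the text "examplebank.com" in the link, which is why the check compares the parsed hostname rather than searching the message for the bank's name.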

Smishing vs. Phishing: Which is more likely to succeed?

Of course, the answer to this question is dependent on many different factors, including the criminals' social engineering skills, the potential victims' security awareness, etc. It's not difficult to see, however, how a smishing attack could end up being the more effective weapon.

For one, while phishing has been around for a while now, smishing is a relatively new concept, and fewer people are aware of it. Furthermore, while you know that your bank wouldn't be contacting you from a Yahoo! email account, you can rarely tell if the phone number sending you that text message is legitimate or not. In addition to all this, the smaller size and the lack of a mouse on touchscreen devices make inspecting links before visiting them almost impossible.

On the other hand, sending out large volumes of emails is easier and cheaper than sending out an equal number of texts, and thanks to the economies of scale, phishing remains much more popular. This could change, though.

All in all, if the crooks are good enough, both smishing and phishing remain extremely lucrative schemes for stealing sensitive data and compromising people's accounts. Criminals are unlikely to give them up any time soon, which is why you should be extra careful with the links both in your email inbox and in the SMS messages you receive.

July 16, 2018