What is SMiShing?

SMS phishing, or smishing, is an SMS (Instant Message or IM) sent from a fake person or entity that uses social engineering techniques to entice recipients to reply with sensitive information or visit a URL that will download malware or solicit sensitive information.

IT Security

TIPS: Check It Before You Click It

Find Out Where SMS Links Go

Your smartphone or tablet lacks a cursor, so it’s harder to make hovering over links a habit. You can still find out a link’s true destination.

  1. Each device can require a different gesture: check how to activate the pointer on your smartphone according to the device type and operating system for checking URLs.
  2. In the menu, make sure that the web address is recognizable and seems to be related to the content of the SMS.
  3. If the web address looks unrelated to the SMS’s message or the sender’s SMS domain, don’t follow the link.

When you receive an SMS, pause for a moment

  • Attackers count on your immediate action from messages that communicate urgency
  • Take the time to really read an SMS before deciding to do anything with it
  • Phishing SMS will also be easier to spot if you are less distracted
  • If someone you are familiar with sends you an unexpected SMS containing a link or attachment, you should be suspicious
  • Send an instant message, make a phone call, or speak directly to the person you think sent the SMS to verify the message’s authenticity
SMIShing

To summarise, if you think you’ve received a suspicious SMS, the only action to take is to delete the message immediately.

Your contribution will reduce security incidents and help protect other colleagues from a SMiShing attack.

author avatar
Ben Beardwell