SMS phishing, or smishing, is a text message (SMS or instant message) sent by a fake person or entity that uses social engineering techniques to entice recipients to reply with sensitive information or to visit a URL that will download malware or solicit sensitive information.
TIPS: Check It Before You Click It
Find Out Where SMS Links Go
Your smartphone or tablet lacks a cursor, so it’s harder to make hovering over links a habit. You can still find out a link’s true destination.
- Each device can require a different gesture: check how to activate the pointer for checking URLs on your smartphone, according to its device type and operating system.
- In the menu, make sure that the web address is recognizable and seems to be related to the content of the SMS.
- If the web address looks unrelated to the SMS’s message or the sender’s SMS domain, don’t follow the link.
When you receive an SMS, pause for a moment
- Attackers count on your immediate action in response to messages that communicate urgency.
- Take the time to really read an SMS before deciding to do anything with it.
- Phishing SMS messages will also be easier to spot if you are less distracted.
- If someone you are familiar with sends you an unexpected SMS containing a link or attachment, you should be suspicious.
- Send an instant message, make a phone call, or speak directly to the person you think sent the SMS to verify the message’s authenticity.
To summarise, if you think you’ve received a suspicious SMS, the only action to take is to delete the message immediately.
Your contribution will reduce security incidents and help protect other colleagues from a smishing attack.
Ben Beardwell