Among the various types of cyber-attacks, a prevalent and common threat is ‘Smishing’. A mix of “SMS” and “phishing”, smishing involves criminals using text messages to trick victims into clicking on a malicious links on a text message, that might allow them to install apps or see your personal information, such as usernames, passwords or bank details. Much like traditional phishing, which is a form of an social engineering attack over email where scammers use emails to obtain sensitive information, smishing relies on deceptive text messages that look legitimate. These texts often pretend to be from trusted organisations like banks, government agencies, or well-known companies.
These text messages can easily trick users as they may appear to be from a trusted source – but remember, financial institutions will never send a text asking for credentials or the transfer of money.
Why smishing is on the rise?
Several factors have recently contributed to the rise of smishing:
- Smartphone Usage: People are increasingly reliant on smartphones for their daily tasks, making them more likely to respond to SMS messages.
- Sophisticated Scams: Attackers have become adept at mimicking legitimate sources, making it harder for users to recognise smishing attempts.
- Data Breaches: With data breaches more common, scammers can use stolen personal information, like your phone number, to send such messages.
- Higher Response Rates: Studies show that people are more likely to open and respond to text messages than emails, which makes smishing a particularly attractive tactic for scammers.
While smishing is growing more common, there are ways to recognise and avoid these scams. Here are some tips to stay safe:
- Be Sceptical of Urgency: Scammers often create a sense of urgency, claiming that you need to act immediately. Take a moment to think before responding or clicking on any links.
- Do Not Click on Suspicious Links: Avoid clicking on any links in a text from an unknown or unverified sender. Instead, go directly to the website of the organisation or contact them through their official customer service line.
- Verify the Source: If a message claims to be from your bank or a government agency, contact them directly to verify the message’s authenticity. Legitimate organisations will not ask for sensitive information via text.
- Be Wary of Personal Information Requests: Be cautious if a text asks for personal details, even if it seems like a minor request. Legitimate companies rarely request personal information over SMS.
- Use Security Software: Many security apps and antivirus software can detect and block phishing attempts, including smishing attacks. Make sure to keep your software up-to-date.
- Report Suspicious Texts: Most phone carriers have ways to report smishing attacks. also you can forward any suspicious texts to 7726 (SPAM) so the NCSC and others can gather more information about these scams.
- Educate Yourself and Others: Smishing is a common attack, but not everyone knows about it. By staying informed and sharing information, you can help others avoid falling victim.
For further guidance on how you can spot phishing, please contact the NEBRC at [email protected] or sign up to our free core membership to keep up to date with the latest cyber security matters and keep your business safe online.
The NEBRC is a non-profit organisation that aims to educate, inform, and support businesses in the North East, Yorkshire and The Humber by staying protected against cyber threats.