What is smishing?
We often get spam SMS messages. They are not only annoying but can sometimes be dangerous, too. Attackers often harvest the phone numbers of potential victims and send them malicious SMS messages that usually contain a link or a number to call back. When a user clicks on the link or calls the number provided, he falls prey to the scam. This type of scam is called smishing.
A typical example of smishing is an SMS like this:
We’re confirming you’ve signed up for our dating service. You will be charged $2/day unless you cancel your order clicking on the link http://somescam.com
If a victim clicks on the link, he may be redirected to a malicious website that spreads malware or to a fraudulent website that looks identical to a legitimate website. The user may also end up disclosing sensitive credentials or other personal details.
Smishing is a type of phishing scam in which attackers use SMS or Short Message Service to deceive users. Attackers often use smishing to steal sensitive information from users or to spread malware.
The term “smishing” is derived from the words “SMS” and “phishing.” An SMS is typically used in this type of scam, hence the name.
Some real-life examples of smishing
Amazon Phishing Scam
This smishing scam appeared in January 2017. In this scam, a victim typically gets an SMS like the one below:
Order Confirmation (#101-2341765-1192723)Order total: 70$
If you did not authorize this purchase, click http://bit.ly/amazon-refund to Cancel and Refund.
As usual, the link points to a fraudulent website that looks almost identical to Amazon’s website and asks the victim for sensitive credentials. The fake website even asks victims to enter credit card numbers. By providing such sensitive details, the victim compromises both the Amazon account and the financial details.
However, if you look carefully, you can notice some pointers that indicate the SMS is not legitimate.
- It should have been written as $70 and not 70$. A legitimate SMS should not make this mistake.
- It is unlikely that Amazon will send a link using such a URL-shortening service.
However, if a user receives such an unexpected text, the best way to deal with it is not to visit the provided link but to log in to the legitimate Amazon website and verify the active orders. The user can also call Amazon customer care to clarify.
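The pointers listed above for the Amazon SMS can be checked mechanically when triaging reported messages. The following Python is an added example, not code from the original article; the shortener host list and the brand-to-domain map are assumptions, and the off-domain check generalizes the second pointer to any link that does not sit on the brand's own domain.

```python
import re
from urllib.parse import urlparse

# Assumption: sample shortener hosts; the page itself names only bit.ly.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}
# Assumption: illustrative brand keyword -> domains that brand's links use.
BRAND_DOMAINS = {"amazon": ("amazon.com",)}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Amount followed by the currency symbol ("70$" instead of "$70").
TRAILING_CURRENCY_RE = re.compile(r"\b\d+(?:[.,]\d+)?\s?[$€£]")

# SMS text quoted on this page.
AMAZON_SMS = ("Order Confirmation (#101-2341765-1192723)Order total: 70$ "
              "If you did not authorize this purchase, click "
              "http://bit.ly/amazon-refund to Cancel and Refund.")
# Constructed sample of a message with none of the warning signs.
CLEAN_SMS = "Your Amazon order total is $70. Details: https://www.amazon.com/orders"


def link_hosts(text):
    """Return the lower-cased host of every http(s) link in the message."""
    hosts = []
    for url in URL_RE.findall(text):
        host = urlparse(url.rstrip(".,;:!?)")).hostname
        if host:
            hosts.append(host)
    return hosts


def on_domain(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def smishing_indicators(text):
    """Return the names of the warning signs found in one SMS body."""
    found = []
    hosts = link_hosts(text)
    if TRAILING_CURRENCY_RE.search(text):
        found.append("currency-symbol-after-amount")
    if any(h in SHORTENER_HOSTS for h in hosts):
        found.append("url-shortener-link")
    lowered = text.lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in lowered and any(not on_domain(h, domains) for h in hosts):
            found.append(f"{brand}-link-off-domain")
    return found
```

An empty result only means none of these specific signs were found; the dating-service SMS quoted earlier on this page carries neither sign and returns an empty list.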
Apple Phishing Scam
This smishing scam appeared in 2016. A victim typically gets an SMS as mentioned below:
In this case also, if a victim clicks on the link, he is redirected to a fraudulent website that looks identical to the legitimate Apple website. The website asks the victim for sensitive credentials.
However, if any user gets such an SMS, the best response would be not to visit the link but to log in to the …