When people think of phishing attacks, a few stock images come to mind: the malicious email, a screen-sized lock icon, and, of course, the long headache that follows. But like all exploits, phishing attacks continue to evolve in complexity and subtlty. Recent trends show a marked increase in “smishing” – SMS phishing – attacks, where hackers leverage text messages to gain sensitive user information.

Smishing has gained traction for a number of reasons. Unlike your inbox, incoming text messages are not subjected to traditional spam filters and authentication systems. Without this initial line of defense, malicious text messages can easily slip into your phone. This effect is compounded by the fact that text messages often reflect a mix of business and personal correspondence. The familiar, often varied, threads in one’s inbox can obscure otherwise suspicious information.

Along those lines, there is also something to be said for user fatigue. Given the volume of texts that mobile users receive per day, hackers exploit their target’s dropped defenses to steal information. These attacks can take many forms, often disguised as urgent alerts that require an immediate response. Security updates, locked credit and debit cards, compromised account information. All of these have appeared in past SMS phishing attacks, their success hinging upon knee jerk reactions. And in many cases, when users click on malicious SMS attachments, they are redirected to images, rather than websites. Unlike websites, which have a certain degree of built in defense, images are more difficult for monitoring systems to parse, leaving users vulnerable.

So what can you do to protect yourself against smishing?

  • Always check your message’s sender – do you recognize the contact?
  • Remember that legitimate companies will not ask for personal information over text
  • Never click on hyperlinks that may appear in the message, or offer up sensitive information
  • If you are directed to a website, ensure that web filters are alerting you to potentially malicious content
  • Understand that smishing is not limited to texting – WhatsApp, Facebook, and Skype messengers are all potentially vulnerable

Would you like to share your thoughts?