Smishing, The Next Hacker Frontier
Getting more text messages from companies these days compared to a couple years ago? Most people receive many more, and most don’t know where they call come from.
Retailers and B2C companies are always hunting for new ways to get consumer attention. They really want to bypass bloated email inboxes and spam filters. Companies these days urge consumers to sign up for SMS alerts on shipment tracking and sales notices all the time, because it gets attention. The medical industry was quick to join the trend, considering how much easier it can make everyone’s life. Pharmacies send automatic pick up and refill notices, while doctor’s offices use text to remind patients about appointments.
Using texts like this offers a great deal of convenience. So, naturally, retailers and medical practices aren’t the only ones trying it. Hackers and cybercriminal groups also noticed how convenient texting is. We swear, these sorts of people finding new ways to phish are why we can’t have nice things.
Phishing, of course, is a criminal practice by which a hacker gets sensitive data from a victim by pretending to be an authorized person needing the information. When this is done by SMS, it’s called “smishing” because jargon always multiplies.
To illustrate the point, in 2020 smishing rose by 328%. During the first half of 2021, it skyrocketed nearly 700% more. Phishing by using SMS presents a huge and developing risk, especially as companies change data security procedures to accommodate a more remote and mobile workforce.
How Did I Text Myself?
Gotten a text message and it looks like you’re the sender? No, you’re not in the horror movie where the call is coming from inside the house, it’s a smishing scam that’s quickly making the rounds. The idea here is to cause confusion, because confusion is good for scammers. That confusion makes the victim click a malicious link within the message to try to find out what’s going on.
Con artists make the text message appear to come from your own number, using VoIP connections and spoofing programs to create the illusion. We here at NoContractVoIP never work with those kinds of people, and we wish they’d stay out of our phone systems, but unfortunately it is a public utility.
Texts coming from your own number back to you offer a giant pulsing neon sign that it’s an SMS phishing scam. Don’t interact with it, open it, click it, just delete it asap. Some cell phone carriers offer options to delete and report, use those if they’re available.
Popular Smishing Scams to Avoid
Smishing puts people in a lot of danger because very few people know about it. We hold a false sense of security about our cell phone numbers. We think the only people who have our numbers are those we’ve given it out to.
Unfortunately, that’s not true anymore. Cell phone number are obtained both through legitimate and illegitimate methods. Advertisers can purchase lists of mobile numbers online. Any business data breach that exposes customer information can be grabbed on the Dark Web, including mobile numbers.
Less than 35% of the population knows what smishing is.
Phishing email scams morph quickly, and SMS scams are the latest direction they’re taking. They look a lot different, are much more difficult to detect, and people fall for them quicker.
SMS scammers don’t have an email address to see if the message is legitimate. Nobody knows the number that real Amazon shipping updates or electric company updates come from.
Text messages also often use shortened URLs, like bit.ly. They exist for Twitter, with it’s harsh character limit, but they also mask the real URL and it’s not as easy to hover one’s mouse over the link for the real target on a phone.
Always be aware of what’s out there. We collected some of the popular phishing scams that might appear in a text message near you soon.
Problem With a Delivery Scam
Everyone loves packages. This smishing scam leverages that we often don’t remember what we even ordered, or if someone is sending a gift, and purports to be from a known shipper like USPS or FedEx. The text says that a package is held up for delivery to you because the company needs more details.
The link within the text message takes users to a pre-generated form to captures personal information used in identity theft. One possible tactic is to ask for a small monetary sum to release a package. Scammers created the site to get your credit card number and info, they don’t care about the tiny fee.
Fake Appointment Scheduling
This scam recently fell on a community in South Carolina. The community had recently gotten AT&T fiber internet lines installed in their neighborhood. Following the large scale installation, AT&T created a customer drive to sign people up for the service.
During the publicized drive, one homeowner received a text message that pretended to be from AT&T about scheduling his fiber internet installation. He got suspicious because the address the message gave was wrong. The scammer was trying to get him to text back personal details.
Get Your Free Gift
Another recent smishing scam is a text message that doesn’t claim to be from anyone in particular. It simply says, “Thank you for your recent payment. Here is a free gift for you.” People click on the link at the bottom of the message.
This is a well known scam that many have commented about online. Scammers use basic common facts about people in general. Most people have paid some type of bill recently. They assume the text to be from a business they recently paid. People like gifts, they like getting extras, so they click because of the promise of a free gift.
Why Is This Published By A Business Phone Company?
Here at NoContractVoIP, we believe that your success is our success. To get the latest helpful content delivered to your inbox every month, subscribe to our newsletter here.
Looking for the finest stress-free custom business telephone systems? Contact us or call today at 866-550-0005!