We use cookies to give you the best online experience. By using our website you agree to our use of cookies in accordance with our cookie policy.

croom new

Preferred Blog

Preferred has been serving the Tinley Park area since 1991, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Smishing Isn’t as Funny as It Sounds

Smishing Isn’t as Funny as It Sounds

As serious as they are, cyberattacks aren’t always given the most serious-sounding names. We are, of course, referring to “phishing”: the manipulation of the user, rather than of a computer system, to gain access to data. Phishing can come in many forms, with some—like phishing someone via SMS message—doubling down on the silliness of the name. Let’s examine this variety, and why “smishing” is not something to trifle with.

Phishing + SMS = Smishing

When a cybercriminal utilizes a phishing scam, they aren’t necessarily using any advanced technologies to crack your digital protections. Instead, they’re hacking the user, taking advantage of their target’s assumptions, bad habits, and unawareness to trick them into handing over information or the means to access it. One particularly famous example of a classic phishing scheme is the old “email from persecuted royalty” ruse, known as the Nigerian Prince scam.

How Smishing Works

By sending a message that claims (and may even appear) to come from an authority figure or trusted contact, an attacker can bypass your security by convincing a user to undermine their protections.

Smishing is simply the application of these principles via a text message, rather than through the generally standard email.

Instead of an email or phone call, you could get a text message from a number that claims to be an institution that you do business with, be it a financial institution, a service provider, what have you. More recently, many smishing attacks claim to have come from authority figures trying to share information about the COVID-19 pandemic.

The message might share details that seem to confirm that the sender is who they say they are. This message would then closely resemble a phishing email, but since it isn’t the format that most people expect phishing to come in through, it could easily go unnoticed. Either way, like any phishing attack, the text would try to get you to react without much thought.

Chances are, there will be a link included with the message, prompting you to log in. The problem is the link will direct you to a fraudulent login page which will collect your actual credentials. Some will prompt you to download a document, which (surprise, surprise) is hiding some variety of malware in it.

So, simple as that, an attacker suddenly has access to one of your accounts, or potentially your device itself. Just take a moment and consider how much sensitive data you likely keep on your phone, data that could then be extracted by the hacker.

This, naturally, needs to be avoided.

To prevent this from impacting your business, you and your entire team need to be able to recognize a phishing attempt in any of its forms—even when it comes in via text message.

How to Spot a Smishing Message

Fortunately, once you’re aware of the threat that smishing poses, spotting it is much easier. In fact, if you’re familiar with the basic principles involved in spotting a phishing attack, spotting smishing is very similar:

  • If the sender isn’t familiar, don’t open the message and definitely don’t access any links. Just as is the case with a suspected phishing email, even opening a suspected smishing message is potentially risky. If you do happen to open it, don’t click through any links that will almost certainly be present.
  • Don’t provide any sensitive information without confirming the legitimacy of the message through another means. Let’s say you get a text message from Facebook informing you of an issue with your account, with a link to log in and resolve it. Instead of clicking through the link, check your Facebook through the app or your Internet browser. If someone supposedly sends you a request for a password, call them back to confirm the request first.
  • Block numbers you suspect of phishing. There’s a chance that your mobile device offers the capability to block texts, much like an email client can filter messages. Investigate your phone’s capabilities and apply any settings that may help.

As a final note, you need to make sure your entire organization is keeping security in mind as they go about their workday, and that they know how to identify and respond to any threats they may come across. Of course, applying certain protections across your entire network doesn’t hurt, either.

Preferred is here to assist you and your team with any of your IT needs, from security to productivity to mobility. Learn more about our services by reaching out to us at 708-781-7110, or by exploring our website!

Knowing Your Technology Means Knowing What to Expe...
The Help Desk Keeps Business Running Smoothly
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Saturday, November 16 2024

Captcha Image

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Mobile? Grab this Article!

      Qr Code

      Blog Archive

      Latest Blog Entry

      Financial management and accounting are two business needs that apply to all organizations of any size or industry. Fortunately, these organizations have access to tools like Intuit QuickBooks to help them fill these needs in a way that is accessible and convenient. Let’s re...

      Latest News

      Best Places to Work - 5 YEARS STRONG!!

      Preferred is once again, honored for being a Best Place to Work for the fifth straight year!  Our team is what makes Preferred a Best Place to Work.  

      Daily Herald Suburban Business 2024 Best Places to Work Honorees The Daily Herald Suburban Business has announced the names of 51 companies, in 5 categories of competition, that are honored as the 2024 Best Places to Work in Illinois. This statewide survey and awards program was designed to identify, recognize and honor the best places of employment in Illinois, benefiting the state's economy, its workforce and businesses.