What is smishing?
Smishing stands for ‘SMS phishing’. Just like email phishing, SMS phishing is an attempt at a security attack in which the phone user is tricked into either downloading a virus or malware onto their mobile device or into giving their personal data over. And while email security features have made it more difficult for phishing emails to reach your mailbox, it is more difficult to distinguish between a genuine and a fake text message.
SMS tend to elicit greater response and urgency than emails. People also seem to trust more texts rather than emails, because it’s more difficult to get hold of one’s mobile number rather then their email address.
How does it work?
Smishing is usually carried away by sending a SMS that contains link to a website. Once they click on the website, the phone owner is prompted to either download a program that allows their phone to be controlled by a hacker or submit personal information like bank login and password.
But how do people get tricked? Smishing uses elements of social engineering to get people share personal information. The messages often leverage your trust or fear in order to obtain information. For example, the message will say that if you don’t click a link and enter your details then you’ll be charged. Or they often aim to trick you into thinking that you’re texting your bank.
A recent example of a smishing attach is the Argos text scam. The attack targets customers that own an ‘Argos card’ (Argos is a British retailer) by sending them a text message, informing them that they’re owed a £180 refund and inviting them to click on a link where they can leave their bank details. In another version of the scam customers are told they have a package waiting for them, followed by a URL which directs them to a website offering free iPhones in exchange for bank details.