What is smishing? How to protect yourself from smishing attacks

Do you keep your smartphone with you day and night, prop it on your nightstand as you sleep and would not dream of leaving the house without it? If this sounds familiar, you need to be aware of a new danger to your smartphone-enabled life – the growing threat known as smishing.

Your smartphone gives you directions, answers your every query and even helps you save money. But for a growing number of smartphone users, this seemingly innocuous device is a source of danger.

That hazard is known as smishing, a shorthand term used to describe fraud committed via SMS text message. In some ways, the growing awareness of phishing emails and malicious website attacks has fueled the rise of smishing. Many computer owners know not to click on suspicious email links, but they may not have the same fear of unsolicited text messages.

For those familiar with phishing and malicious software, the mechanism of a typical smishing attack will seem quite familiar. When a user clicks on an infected SMS text message, they may be prompted to enter their banking credentials, opening up their accounts to theft. In fact, some people have already lost thousands to these smishing attacks.

Here are some examples of smishing text messages we have received:

In a variation of smishing, the victim may be asked to call a toll-free number, during which they provide their private banking information. The approach may be different, but the result is the same: the theft of the victim’s hard-earned money.

Whether you just bought your first smartphone or have been using one for years, the best way to protect yourself is with vigilance and proactive monitoring. Here are some timely tips to guard yourself and your data from a smishing attack:

• Delete suspicious text messages immediately. Keeping your inbox clean of unwanted messages will reduce the danger of inadvertently clicking on a smishing attempt.
• Never share your mobile phone number on social media. Having your phone number on a public forum is just asking for trouble, so keep that information private and share it only with your best (offline) friends.
• Do not click on links embedded in a text message. Clicking a link is always risky, whether the link came through an email or an SMS text message.
• If the SMS claims to be from your bank, look up their phone number online and contact them directly. If there is a problem with your bank account, the customer service department at your local branch will surely know about it.
• Do not call the phone number embedded in a suspicious text. If you do call, avoid giving out any personal information. Never give personal information to anyone in this situation; always suspect a smishing attack.
• Notify the local authorities about any smishing attempts. If you have received a smishing text message, chances are others have as well. Alerting the local authorities will help spread the word and protect other users.
• Contact your cellular carrier so they can spread the word about these attempted attacks. It is also important to let your carrier know about any suspected smishing attacks; this allows them to tweak their algorithms and implement new fraud protection measures.

Smishing attacks are particularly dangerous, in part because they are still relatively unknown. It can be quite frightening to receive a text message saying that your banking information has been compromised, or that your bank has uncovered a suspicious transaction. But before you panic and click that link or make that phone call, you need to take a step back and be very suspicious. If your banking information is in jeopardy, a simple phone call to their legitimate customer service number should be all it takes to find out what is going on and what you can do about it.