SMiShing: a new way of phishing


What is SMiShing?

SMiShing is when someone tries to trick you into giving them your private information via a text or SMS message. SMiShing is an emerging and growing threat in the world of online security. Read on to learn what SMiShing is and how you can protect yourself against it.

Put simply, SMiShing is any kind of phishing that involves a text message sent to your mobile phone. Oftentimes, this form of phishing involves a text message in an SMS or a phone number. SMiShing is particularly scary because people tend to be more inclined to trust a text message than an email. Most people are aware of the security risks involved with clicking on links in emails. This is less true when it comes to text messages.

SMiShing uses elements of social engineering to get you to share your personal information. This tactic leverages your trust in order to obtain your information. The information a SMiSher is looking for can be anything from an online password to your Personally Identifiable Information (PII). Once the SMiSher has your information, they can often perform unauthorized actions in your name. That is where you are really going to start running into problems.

How to Know If You’re Being SMiShed?

In general, you do not want to reply to text messages from people you do not know. That is the best way to be safe. This is especially true when the SMS comes from a phone number that doesn’t look like a phone number, such as a “5000” phone number. This may be a sign that the text message is actually just an email sent to a phone. You should also exercise basic precautions when using your phone, such as:

  • Don’t click on links you get on your phone unless you know the person they are coming from.
  • Even if you get a text message with a link from a friend, consider verifying they meant to send the link before clicking on it, if you’re not expecting it or the message does not coincide with his/her normal communication format.
  • Many smishing messages recently sent ask you to call a number to collect your prize. Do not call the number!
  • A full-service Internet security suite isn’t just for laptops and desktops. It also makes sense for your mobile phone.
  • Never install apps from text messages.
  • Any apps you install on your device should come straight from the official app store. These programs have rigorous testing procedures to go through before they’re allowed in the marketplace. Err on the side of caution.
  • If you have any doubt about the safety of a text message, don’t even open it.

Almost all of the text messages you get are going to be totally fine. But it only takes one bad message to compromise your security. With just a little bit of common sense and caution, you can make sure that you do not become a victim of identity theft.

What should I do?

If you receive a message like the one above, delete it. Do not reply to it.

If you reply STOP or HELP, you have confirmed to the sender that your number is a live one.

If this text came from someone doing the text message version of spam (unsolicited commercial email of dubious value), you’ve just increased the value of your number to the “spammer.” That is, he can sell it to other marketers as an active phone number.

If you are in doubt or need help do not hesitate to contact AskInfoSec@kaust.edu.sa.

Otherwise, be a Human Firewall!
