What Is SMS Phishing?

Criminals all over the world are constantly looking for new ways to take advantage of unsuspecting consumers and enterprises. SMS phishing has become  a very popular trend as of late. This trend, also known as “smishing”, combined social engineering techniques with phishing using the SMS protocol. It is a very powerful scamming technique that can affect anyone and everyone in the world with relative ease.

SMS Phishing Is A Very Real Threat

Ever since the SMS protocol was used as part of two-factor authentication criminals have been looking for ways to take advantage of it. In most cases, these efforts by criminals have been unsuccessful, yet it appears SMS phishing is proving to be quite more potent than first assumed. In fact, it is quickly becoming a favorite tool among hackers to gain access to private data and personal services.

The way SMS phishing works is relatively simple, yet effective. Criminals use social engineering techniques to trick victims into believing the message is sent from a legitimate source. Every text message sent to act as a “phishing hook” to acquire personal information from the victim. This information usually revolves around usernames and/or passwords for popular online services, including social media and online banking portals.

Since a lot of companies and portals use SMS authentication as an additional security layer, it is relatively easy for criminals to trick victims into giving up the information they desire. In most cases, this involves copying a legitimate message sent out by the actual service providers. However, another option is to deliver a “bait” message to series in the hopes of forcing them to give up sensitive information.

To be more specific, this bait message often comes in the form of some financial reward. One particular SMS phishing campaign taking place in 2012 revolved around recipients being eligible for a free US$1,000 gift card if they followed the instructions provided in the SMS. Enticing users to follow a few simple steps in exchange for a financial reward is a tested and tried method with a high chance of success.

Another successful scam targets Apple iCloud users. Victims of this particular SMS phishing scam receive a text which looks like any other notification sent out by Apple when users try to access this service. However, the message states how the cloud account is “deactivated” unless they head to a specific website and enter their login details to have the account restored. Thousands of users around the world have been affected by this scam over the past few years.

It is incredibly difficult for consumers to distinguish between legitimate and malicious text messages from service providers. Never enter important codes in an SMS and certainly don’t visit an unknown link mentioned in the original messages. Unfortunately, it is rather easy for criminals to figure out mobile numbers of potential victims, which undoubtedly means the number of SMS phishing scams will only increase as time progresses.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.