The Connection, Inc Blog

The Connection, Inc has been serving the New Jersey area since 1992, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Smishing Isn’t as Funny as It Sounds

Smishing Isn’t as Funny as It Sounds

As serious as they are, cyberattacks aren’t always given the most serious-sounding names. We are, of course, referring to “phishing”: the manipulation of the user, rather than of a computer system, to gain access to data. Phishing can come in many forms, with some—like phishing someone via SMS message—doubling down on the silliness of the name. Let’s examine this variety, and why “smishing” is not something to trifle with.

Phishing + SMS = Smishing

When a cybercriminal utilizes a phishing scam, they aren’t necessarily using any advanced technologies to crack your digital protections. Instead, they’re hacking the user, taking advantage of their target’s assumptions, bad habits, and unawareness to trick them into handing over information or the means to access it. One particularly famous example of a classic phishing scheme is the old “email from persecuted royalty” ruse, known as the Nigerian Prince scam.

How Smishing Works

By sending a message that claims (and may even appear) to come from an authority figure or trusted contact, an attacker can bypass your security by convincing a user to undermine their protections.

Smishing is simply the application of these principles via a text message, rather than through the generally standard email.

Instead of an email or phone call, you could get a text message from a number that claims to be an institution that you do business with, be it a financial institution, a service provider, what have you. More recently, many smishing attacks claim to have come from authority figures trying to share information about the COVID-19 pandemic.

The message might share details that seem to confirm that the sender is who they say they are. This message would then closely resemble a phishing email, but since it isn’t the format that most people expect phishing to come in through, it could easily go unnoticed. Either way, like any phishing attack, the text would try to get you to react without much thought.

Chances are, there will be a link included with the message, prompting you to log in. The problem is the link will direct you to a fraudulent login page which will collect your actual credentials. Some will prompt you to download a document, which (surprise, surprise) is hiding some variety of malware in it.

So, simple as that, an attacker suddenly has access to one of your accounts, or potentially your device itself. Just take a moment and consider how much sensitive data you likely keep on your phone, data that could then be extracted by the hacker.

This, naturally, needs to be avoided.

To prevent this from impacting your business, you and your entire team need to be able to recognize a phishing attempt in any of its forms—even when it comes in via text message.

How to Spot a Smishing Message

Fortunately, once you’re aware of the threat that smishing poses, spotting it is much easier. In fact, if you’re familiar with the basic principles involved in spotting a phishing attack, spotting smishing is very similar:

  • If the sender isn’t familiar, don’t open the message and definitely don’t access any links. Just as is the case with a suspected phishing email, even opening a suspected smishing message is potentially risky. If you do happen to open it, don’t click through any links that will almost certainly be present.
  • Don’t provide any sensitive information without confirming the legitimacy of the message through another means. Let’s say you get a text message from Facebook informing you of an issue with your account, with a link to log in and resolve it. Instead of clicking through the link, check your Facebook through the app or your Internet browser. If someone supposedly sends you a request for a password, call them back to confirm the request first.
  • Block numbers you suspect of phishing. There’s a chance that your mobile device offers the capability to block texts, much like an email client can filter messages. Investigate your phone’s capabilities and apply any settings that may help.

As a final note, you need to make sure your entire organization is keeping security in mind as they go about their workday, and that they know how to identify and respond to any threats they may come across. Of course, applying certain protections across your entire network doesn’t hurt, either.

The Connection, Inc is here to assist you and your team with any of your IT needs, from security to productivity to mobility. Learn more about our services by reaching out to us at (732) 291-5938, or by exploring our website!

Knowing Your Technology Means Knowing What to Expe...
The Help Desk Keeps Business Running Smoothly
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, 28 March 2024

Captcha Image

Blog Archive

2024
April
May
June
July
August
September
October
November
December

Mobile? Grab this Article

QR Code

Free Consultation

team work

Interested in seeing what we can do for your business? Contact us to see how we can help you!

Sign Up Today!

News & Updates

The Connection, Inc. Celebrates 32 Years as a Trusted Technology Provider!   Since our founding in 1992, technology and the way we operate and do business has changed a lot. Companies that have adapted and aligned themselves with ...

Contact us

Learn more about what The Connection, Inc can do for your business.

The Connection, Inc
51 Village CT
Hazlet, New Jersey 07730