Smishing: The Underestimated Threat in Your Inbox

In a world where our reliance on digital devices continues to grow, cybercriminals have developed increasingly sophisticated methods to deceive their victims. One such method, which has gained significant traction in recent years, is known as "smishing". This term is a blend of "SMS" and "phishing".

As a form of phishing, smishing aims to steal sensitive information, such as passwords, bank details, or personal data, through SMS or other messaging services. While phishing emails have been well-known for some time, cybercriminals take advantage of the fact that many people perceive text messages as safer and more personal.

At first glance, it may seem like a harmless attempt to trick someone through a text message, but the consequences can be devastating. It is crucial that we recognise the dangers and learn how to spot potentially fraudulent messages. In a world where cybercrime is on the rise, remaining vigilant and taking the necessary steps to protect our personal data is essential.

In the news

Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023. The attack chains commence with a bogus SMS message urging users to install a banking app by clicking on the accompanying link, redirecting the victim to the legitimate TeamViewer QuickSupport app available on the Google Play Store." (The Hacker News. (2024). European Bank Customers Targeted in SpyNote Android Trojan Campaign. https://thehackernews.com/2023/08/european-bank-customers-targeted-in.html)

How Does Smishing Work?

A typical smishing attack begins with an SMS that appears to come from a trusted source. This could be a bank, an online service, a parcel delivery company, or even a government agency. The message often contains an urgent request, such as:

• "Your account has been locked. Please click the following link to unlock it."
• "Your parcel cannot be delivered. Confirm your delivery details here."
• "You have a new voicemail. Click here to listen." 

However, the link does not direct you to a legitimate website but to a fraudulent page designed to steal your information. Alternatively, the message might prompt you to download an app that actually contains malware, which spies on your data or compromises your device.

Why is Smishing So Effective?

Smishing messages play on the recipient’s emotions. They often create a sense of urgency, causing people to act impulsively without thoroughly considering the legitimacy of the message. Unlike emails, where many people have become more cautious, text messages are often viewed as more legitimate, increasing the likelihood that a victim will fall for the scam.

To combat this threat effectively, we now offer a new Smishing eLearning course, specially designed to protect your employees and your business. Smishing is a serious threat that can cause significant harm to both individuals and organisations. The best defence against such attacks is knowledge and caution.

With our eLearning course, you’ll be well-equipped to protect yourself and your company from this danger. Take control of your security and make the first step towards a safer digital environment – contact us.