Home SecurityMobile Security What is smishing? How phishing via text message works

What is smishing? How phishing via text message works

Smishing definition

Smishing is a cyberattack that uses misleading text messages to deceive victims. The goal is to trick you into believing that a message has arrived from a trusted person or organization, and then convincing you to take action that gives the attacker exploitable information (like bank account login credentials, for example) or access to your mobile device.

Smishing is a text-message-centric variation of the email-based phishing scams that have been around since the 1990s. But people are often less watchful for suspicious messages on their phones than on their computers: they’re more likely to open a potentially suspicious text message than an email message, and their personal devices generally lack the type of security available on corporate PCs. This pernicious new take on an old trick is becoming increasingly widespread.

Phishing vs. smishing vs. vishing: What’s the difference?

Before we dive in the details, let’s take a moment to understand the terminology of these related attack techniques. Phishing is the granddaddy of them all, and CSO has a complete explainer with all the details, but in essence it involves sending targeted email messages to trick recipients. “Phish” is pronounced just like it’s spelled, which is to say like the word “fish” — the analogy is of an angler throwing a baited hook out there (the phishing email) and hoping you bite. The term arose in the mid-1990s among hackers aiming to trick AOL users into giving up their login information. The “ph” is part of a tradition of whimsical hacker spelling, and was probably influenced by the term “phreaking,” short for “phone phreaking,” an early form of hacking that involved playing sound tones into telephone handsets to get free phone calls.

Smishing is, essentially, phishing via text messages. The word is a portmanteau of “phishing” and “SMS,” the latter being the protocol used by most phone text messaging services. Because of this etymology, you’ll sometime see the word written as “SMiShing,” though that’s increasingly rare; people also include scam attempts via non-SMS text services, like WeChat or Apple’s iMessage, under the smishing umbrella. The term has been around since at least the late ’00s, though the omnipresence of smartphones in the modern era has made it a more tempting attack vector for hackers.

“Vishing” is a similar type of attack that uses voice calls instead of emails or texts; the word is a portmanteau of “voice” and “phishing.”

Smishing attack examples

So far we’ve been talking in somewhat theoretical terms. But what are some specific examples of how smishing works in practice? In other words: What should you be on the lookout for?

Copyright © 2020 IDG Communications, Inc.

Source link

Related Articles

Leave a Comment