Tuesday, March 6, 2012

Protect Yourself from “SMiShing”

“SMiShing” is a silly word—even sillier than “phishing,” but equally dangerous.
Phishing occurs when scammers send emails that appear to have been sent by legitimate, trusted organizations in order to lure recipients into clicking links and entering login data and other credentials. The term is a reference to the scammers’ strategy of luring the victim with bait and thus, fishing for personal information.

SMiShing is a version of phishing in which scammers send text messages, rather than emails, that appear to have been sent by a legitimate, trusted organization and that ask the recipient to click on a link or provide credentials in a text message reply. The term is a condensed way of referring to “short message service phishing,” or “SMS phishing.”

Criminal hackers have access to technology that generates cell phone numbers by starting with an area code, plugging in a cell carrier’s given extension, and then generating the last four numbers. They then use a mass text messaging service to distribute their SMiShing bait. (An online search for “mass sms software” turns up plenty of free and low-fee programs that facilitate mass texting.)
This ruse tends to be effective because, while most of us have learned to recognize phishing emails, we are still conditioned to trust text messages. Also, there’s no easy way for us to preview links in a text message as we can when viewing an email on a PC.

Some SMiShers send texts with links that, if clicked, will install keyloggers or lead to malicious websites designed to steal personal data, while others trick targets into calling numbers that rack up outrageous charges to their phone bills.

To protect yourself from SMiShing:
  • Be aware of how this type of scam works. Once you understand how it works, you are better positioned to recognize SMiShing.
  • Avoid clicking links within text messages, especially if they are sent from someone you don’t know.
  • Don’t respond to text messages requesting personal information.
  • Consider using a comprehensive mobile security application, such as McAfee Mobile Security, that includes SMS (text) filtering as well as anti-theft, antivirus and web protection.
By Robert Siciliano