In addition to the well-known phishing emails, you should also beware of so-called smishing messages. TECHBOOK explains the term and how best to protect yourself from the various scams.
With the spread of the Internet, fraudsters have also discovered the World Wide Web as a new field of activity. Most Internet users are now familiar with the practice of phishing, which is popular with cybercriminals, i.e. sending e-mails in order to access sensitive data. Less well known is the so-called smishing, a phishing variant via SMS. Most people are now sensitized to the topic of fake e-mails. On the other hand, many are far more careless when receiving deceptive text messages via Messenger and Co.
In our mobile world, time has become a precious commodity. We often do several things at the same time. With a smartphone, this is usually temptingly easy. However, concentration suffers. It is precisely this careless behavior that cybercriminals exploit. Skimmed through an allegedly urgent text message between two appointments, the defective link was clicked and the digital bait swallowed.
What is smishing?
First of all, smishing is an artificial word made up of the terms “SMS” and “phishing”. With smishing, data thieves send text messages that appear legitimate at first glance. The alleged sender is, for example, the bank, a postal service or another shipping company. Particularly nasty: If the data thieves have hijacked the smartphone of a well-known person, the cybercriminals also fake the message from a friend.
In most cases, the recipient should urgently click on a link in order to retrieve a prize, for example. Or you are supposed to enter sensitive data on an alleged website of your bank for security reasons. In certain cases, the smishing message also contains an attachment. If this link or the link contained in the message is clicked, malware is installed in the background, which data thieves can use to retrieve passwords or other personal data.
In addition to private individuals, companies are increasingly being affected by smishing because many employees now have a company cell phone.
How to recognize smishing
Similar to the well-known phishing method, smishing attacks can be quickly uncovered with a keen eye. Here some examples:
- In the text message, the house bank, an authority or other official institutions reportedly reported and demanded personal data.
- For security reasons, the bank requires that credit card numbers or online banking access be sent.
- A friend calls and text message says he’s in trouble. If you send money quickly, all problems will be over.
- They allegedly won the grand prize in a sweepstakes. You just need to submit a few dates then the prize would come to you.
- You will receive a text message asking you to click a link to unsubscribe from a subscribed service.
The examples show you the same smishing pattern over and over again.
- In a smishing message, you must always act immediately and urgently, otherwise something bad is supposed to happen to you.
- Most of the time it’s about personal data that supposedly has to be entered again on some page for comparison.
- The smishing message contains an often abbreviated link or attachment that purports to lead to an official site, but accurately redirects to a website faked by cyber criminals.
Spelling and grammatical errors can also be an indication of fraud, with ever-improving speech AIs increasing the likelihood of a flawless forgery. As a general rule, you should never click on links and attachments unless you can identify a source with absolute certainty and classify it as trustworthy.
How to protect yourself from smishing attacks
The safest and most reliable defense against smishing attacks is still common sense. Never let yourself be pressed for time. If you are unsure, read the text message again and then decide whether it is a legitimate SMS or a nasty scam.
With these tips, data thieves don’t stand a chance with you:
- Never reply to text messages where the sender seems suspicious to you. By doing so, you provoke more smishing messages by showing cybercriminals that this number is active.
- Don’t let yourself be pressured. No bank or other official body asks for personal data or money transfers via SMS.
- If in doubt, call your bank or the mail-order company and ask directly whether they have sent a corresponding message.
- Do not click on any links or attachments contained in the text message. Malware also wreaks significant damage on a smartphone.
- Always install the latest security updates for your smartphone.
Accidentally clicked – what now?
It can happen. Cyber criminals are now sending messages that look deceptively real. If you then only look with half an eye, you fall into the trap. If you have accidentally disclosed bank details, inform your bank immediately and discuss how to proceed. The same applies to other official bodies. Contact customer support to contain the damage as quickly as possible.
If malware has installed on your smartphone, switch the device to flight mode. Do not use it again until all malware has been removed. As a private individual, you must also report the incident to the police. In this way you help other people not to fall for a smishing scam that is currently circulating.
If it is a smishing incident involving the company cell phone, report the attack to the company’s IT support and also to your manager.
Places to get professional help
In order to proactively inform yourself about current scams by cybercriminals, das Federal Ministry of the Interior launched a website. Also the Consumer center informed regularly about suspicious activities of data thieves. At banks and the like, the employees are now often trained accordingly and can give tips if necessary.