How to identify smishing SMS phishing

What are the best ways to identify smishing SMS phishing? Our guide warns you what to watch out for and how to avoid smishing risks.

The smartphone has become a constant companion in our modern society. It is therefore important not only to guard against fraud and hacking on the computer, but also to include mobile devices such as cell phones. Unfortunately, smishing – phishing via SMS – is a rising trend. Not only private individuals, but also companies can be affected: people are often the greatest weak point.

Best ways to identify smishing SMS phishing

Smishing is a compound word made up of SMS and phishing. When cyber criminals phish, they send fraudulent emails and lure the recipient into clicking links or opening attachments. Cyber criminals use manipulated websites to steal login data or other information. Smishing simply uses text messages instead of emails. There are several methods of this attack, so you need to be able to identify smishing SMS phishing:

Smishing Method 1: Download Malicious Software

The classic in both conventional phishing and smishing is the download link to malicious software. A link is packaged in a short text message, written as if it was from a friend, and the recipient is asked to click on the link. If this happens, software is downloaded in the background – often unnoticed by the victim of the attack. The attacker gains access to the smartphone and can use data as well as logins, message content or other information.

Smishing Method 2: Link to Fake Website

Another perfidious method that works via both email phishing and smishing is directing the victim to a form. The personal data entered in this form is handed straight to the fraudsters. This trick is particularly popular for capturing access data for online banking or other account / credit card information. Typically, cyber criminals report security problems that would require the immediate transfer of personal data in order to continue using all functions of a service.

Smishing Method 3: Spear Smishing

In both spear phishing and spear smishing, an attack is aimed at the data of very specific people. Attackers can evaluate the victim’s internet profiles in advance, for example from social networks. They get a picture of the person and then tailor the smishing message exactly to it. Knowing personal data creates a deceptive feeling of trust and credibility in the victim, so that victims unfortunately often only too willingly entrust their data to cyber criminals.

Smishing Method 4: Faking Customer Support

Also very popular is the method in which cyber criminals pretend to be customer care workers. The victim of this scam receives an SMS with the information that it is necessary to contact customer support using the number provided. When the fraudster speaks to the victim, he tries to elicit information. Posing as a support employee lends the fraudster increased credibility – and details are readily divulged.

Smishing goals

Essentially, the motives or goals of cyber criminals can be broken down into three categories: they want to steal access data, spread malware or get rich. Let’s look at these goals in detail:

In the first variant, where the aim is to obtain access data, online banking access is of particular interest. Paradoxically, the criminals take advantage of the consumers’ fears of precisely such scams: The SMS or text messages look as if they came from the victim’s bank. The message then warns of extensive or unusual bookings, unknown payees or the like, and claims that by clicking on the link, the victim can protect himself from fraud. As a rule, this link then leads to a manipulated or falsified website that may look deceptively similar to the actual banking website. The victim is persuaded to reveal their login credentials, then the account is looted.

The attempt to spread malware is based on classic e-mail phishing, but relies on techniques that are tailored to mobile devices and their users. Victims of this scam could, for example, be persuaded to install an app that supposedly comes from a reputable source. In fact, it is a Trojan that can access credit card numbers or other information or compromise other (app) access data. 

On iOS it is difficult to use this trick to spread malware: Installing apps that are not verified is hardly feasible for normal users on iOS. On Android, however, where app sideloading (loading of apps from other sources) is possible, your suspicion should grow when you are asked to install apps.

In order to collect sums of money, cyber criminals use various methods, sometimes with technical skill, sometimes rather clumsy. For example, cyber criminals can pretend to be casual acquaintances of the victims – names can be easily researched on Facebook and Co. The supposed acquaintance then holds out the prospect of an amount of money for various reasons – inheritance, profit, government subsidy, etc. Before it can be paid out, however, a fee is charged – a classic fraud.

Avoid smishing efficiently

As you can see, criminals use various motivations and techniques to repeatedly outsmart their victims and steal information or money or distribute malware. If you receive any SMS or text messages, use caution. Our following tips will help you:

  • Detect: If you receive urgent security warnings, coupons, offers or deals that should be redeemed immediately, or something else via SMS, you can already see this as a warning of an attack. Don’t fall for it.
  • Verify: Neither banks nor retailers nor other agencies and institutions send you text messages to ask for account information or to ask you to confirm with a PIN. If you receive an SMS from a retailer or your bank, it helps to call them to check that the message really came from there.
  • Use caution: Avoid clicking links or phone numbers in messages. Avoid this in general, because as you can read above, cyber criminals also pose as friends. If you are unsure, the same thing helps as in the previous point: Call the friend and ask.
  • Detect anything suspicious: Also check the number the text message came from. If it doesn’t look real, such as “50110”, the number may refer to email-to-SMS services. These are sometimes used by scammers to hide their real phone numbers. It is also possible for smishers to fake other numbers through so-called spoofing. In addition to suspicious numbers, spelling and grammar can also be suspicious. International criminals often use translation tools – and it shows in the text messages.
  • Smart storage: Neither credit card nor banking information belongs on your smartphone. It’s actually simple: if there is no information, it cannot be stolen – not even if all the data is taken from your smartphone.
  • Report: You have the option of reporting the smishing attack to the government. There are various contact channels that the government presents on its anti-scams and anti-fraud website.
  • Install antivirus: Use antivirus software on your smartphone and always keep it up to date. There is no guarantee that an AV program will recognize the malicious software. But with this additional level of security, the likelihood of infections on your smartphone decreases.
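
The warning signs from the tips above can also be checked automatically, for example in a helpdesk or mail-to-SMS gateway filter. The following is an added example, not part of the original guide: the word lists, the indicator names and the triage thresholds are assumptions chosen for illustration, and the sample messages are constructed.

```python
import re

# Patterns for the warning signs listed in the tips above. The word lists are
# illustrative assumptions, not a vetted ruleset.
URL_RE = re.compile(r"(https?://|www\.)\S+|\b[a-z0-9-]+\.[a-z]{2,}/\S*", re.I)
PHONE_RE = re.compile(r"\+?\d[\d\s()-]{7,}\d")
URGENCY_RE = re.compile(r"\b(urgent|immediately|right away|suspended|locked|"
                        r"expires?|last chance)\b", re.I)
CREDENTIAL_RE = re.compile(r"\b(pin|password|passcode|account (number|details)|"
                           r"card number|login|verify your)\b", re.I)
INSTALL_RE = re.compile(r"\b(install|download)\b.*\b(app|apk|update)\b", re.I)
CALLBACK_RE = re.compile(r"\b(call|contact)\b.*\b(support|customer (care|service))\b", re.I)

# Constructed sample messages: (sender, body)
SAMPLES = [
    ("50110", "Your bank account has been locked. Verify your PIN immediately "
              "at http://bank-secure.example/login"),
    ("+12025550199", "Please call customer support on +1 202 555 0143 about your parcel"),
    ("+12025550123", "Running late, see you at 7"),
]


def smishing_indicators(sender: str, body: str) -> list[str]:
    """Return the names of the warning signs found in one SMS."""
    found = []
    # A short numeric sender such as "50110" may be an email-to-SMS gateway.
    if re.fullmatch(r"\d{3,6}", sender.strip()):
        found.append("short_numeric_sender")
    checks = [("contains_link", URL_RE), ("urgency", URGENCY_RE),
              ("asks_for_credentials", CREDENTIAL_RE),
              ("asks_to_install_app", INSTALL_RE)]
    found += [name for name, pattern in checks if pattern.search(body)]
    # Fake customer support: a request to call combined with a number to dial.
    if CALLBACK_RE.search(body) and PHONE_RE.search(body):
        found.append("support_callback_number")
    return found


def triage(sender: str, body: str) -> str:
    """Map the indicators to a handling decision (thresholds are assumptions)."""
    hits = smishing_indicators(sender, body)
    if "asks_for_credentials" in hits or len(hits) >= 3:
        return "likely_smishing"
    return "verify_out_of_band" if hits else "no_indicator"


if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(triage(sender, body), smishing_indicators(sender, body))
```

A result of "no_indicator" does not mean a message is safe: legitimate services also use short sender numbers, and spoofed or well-written messages will pass simple pattern checks.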