SMiShing – Social Engineering Attack

SMiShing, or SMS phishing, is a social engineering attack that is occurring more and more frequently. This attack attempts to steal identity details, credential information, or credit card specifics. It can also be used to trick you into agreeing to additional charges on your mobile phone bill. Generally the attack is waged by sending targets (i.e. you) a URL or a phone number along with a statement that expresses urgency to establish contact or respond to the message.

Some examples of the ruse in these messages include notices of new charges, reports of suspicious or illegal activities, claims that an account has been compromised, requests to confirm an agreement, or notices that an account has been suspended. These messages attempt to trick you into following the URL or calling the phone number presented. In either case, you might be visiting a site with malicious content or calling a service that could add fees or toll charges to your mobile phone bill.

To protect yourself against this threat, don’t assume a text message is valid or from the claimed origin. Any SMS received that does not have a valid phone number or organizational name as its source is potentially fraudulent. Contact the organization using a known phone number or trusted URL for the claimed organization; do not use the ones provided by the SMS. Ask about your account and the contents of the message. If the SMS proves genuine, handle the issue via the contact you just established. If the SMS proves false, report it to the organization, follow their instructions, then delete the message from your phone. If your phone or provider offers a blocking feature, consider blocking future messages from that same origin.
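
The indicators described above (a URL or callback number, a statement of urgency, the listed ruses, and a source that is not a phone number or known organizational name) can be combined into a simple triage check. This is an added example, not part of the original article; the keyword patterns, the function names `sender_is_plausible` and `triage_sms`, and the sample messages are constructed assumptions.

```python
import re

# Lures and ruses named in the article; the keyword patterns are constructed assumptions.
URL = r"https?://\S+|www\.\S+"
PHONE = r"\+?\d[\d\s().-]{6,}\d"
URGENCY = r"\b(urgent(ly)?|immediately|right away|final notice|within \d+ (hours?|minutes?|days?))\b"
RUSES = {
    "new charges": r"\b(charge[sd]?|billed|fee)\b",
    "suspicious activity": r"\b(suspicious|illegal|unusual)\b",
    "account compromise": r"\b(compromised?|unauthori[sz]ed)\b",
    "confirm agreement": r"\b(confirm|agree(ment)?)\b",
    "account suspended": r"\b(suspended|suspension)\b",
}

def sender_is_plausible(sender, known_orgs):
    """True if the source is a phone number/short code or an organization name already trusted."""
    digits = re.sub(r"[\s().-]", "", sender)
    return bool(re.fullmatch(r"\+?\d{5,15}", digits)) or sender.strip().lower() in known_orgs

def triage_sms(sender, body, known_orgs=frozenset()):
    """Return the indicators found and whether to verify through a known contact."""
    text = body.lower()
    urls = re.findall(URL, body, flags=re.I)
    # Remove URLs first so digits inside a link are not read as a callback number.
    phones = re.findall(PHONE, re.sub(URL, " ", body, flags=re.I))
    ruses = sorted(name for name, pat in RUSES.items() if re.search(pat, text))
    urgent = bool(re.search(URGENCY, text))
    unverifiable = not sender_is_plausible(sender, known_orgs)
    lure = bool(urls or phones)
    return {
        "urls": urls, "callback_numbers": phones, "ruses": ruses,
        "urgency": urgent, "unverifiable_sender": unverifiable,
        # A link or number to act on, plus pressure or an unverifiable source.
        "verify_out_of_band": lure and (urgent or bool(ruses) or unverifiable),
    }

# Constructed sample messages (example.* domains and 555-01xx numbers are placeholders).
SAMPLES = [
    ("alerts@secure-msg.example",
     "URGENT: Your account has been suspended. Verify at http://bank-verify.example/login"),
    ("+15550100", "You were billed a $9.99 weekly charge. Call 1-555-0142 within 24 hours to cancel."),
    ("Pharmacy", "Your prescription is ready for pickup."),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, triage_sms(sender, body, known_orgs={"pharmacy"}))
```

A `verify_out_of_band` result of `True` means the message should be checked through a known phone number or trusted URL for the claimed organization, never through the link or number in the SMS itself.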
