Smishing
24th April, 2020
In recent weeks, we’ve examined Phishing methods used by hackers to part your business from its hard-earned money and IP, giving you simple steps to protect yourself. This week we are taking a closer look at the growing threat of Smishing.
Smishing is very much like Phishing, but the nefarious payload is delivered by text message rather than email. When you receive such a text message, the hacker is looking for you to download a Trojan onto your device, or enter personal information, such as a National Insurance number, passwords, bank account or credit card details.
As this is still a new way for hackers to get at your information, most messages are reasonably simple to spot. Look out for easy wins such as a text from Amazon saying you need to click a link to log into your account to arrange a delivery. Didn’t order anything? Best not to click. Did order something? Don’t click; instead, go to the Amazon website as you normally would and log in there.
The same must be said about messages you receive from your bank requesting that you click and log in. Don’t do it. Visit the website or app and log in as you would normally. The likes of your bank and Amazon won’t text you asking you to log in, so you can be pretty sure these texts are scams, albeit well-designed ones.
You may get a text from Netflix asking you to click a link and log in. You do, as you’ve got a Netflix account, so the message must be genuine, right? Now the hacker has your password. Probably the same password you use for your email or banking. There may be trouble ahead.
These scams work because they aim at a high-yield audience. Many of us have Netflix accounts, so it seems plausible that when sending out millions of texts, the scammers will hit plenty of Netflix users. In the same way, so many people shop at Amazon and have bank accounts. The return on investment for these criminals is huge, so don’t underestimate them.
You now know to never click a link in a text.
You must also be careful when clicking anything sent from a “friendly” source. Anyone got a friend called John? John has just texted you to say:
“Hey buddy, lost my phone so here’s my new number. Whilst I’m on, can you please have a look over the attached letter for me?”
You might want to give John’s old number a wee ring first, just to make sure you’re not being scammed. You can be pretty confident that John will answer his allegedly lost phone.
The reason all of this works is that we are used to being vigilant with our emails, but probably less so when looking at text messages, and the sheer number of texts we send and receive in a day is getting silly. The very best protection? If you aren’t expecting a text that you receive and you can’t prove it’s from a trusted source, just ignore it. That leaves these criminals completely powerless.
If you need any further advice on how to spot and protect against phishing attacks, please don’t hesitate to get in touch.