Contents:
The independent agency of the United States federal government Federal Communications Commission (FCC) alerted mobile users to an uptick in SMS (Short Message Service) phishing campaigns that aim to steal their money and snatch their private data.
Threat actors behind these types of attacks, also known as smishing or robotexts, may employ a variety of enticements to deceive targets into disclosing sensitive information.
As defined in one of our previous articles, smishing is a type of phishing attack in which cybercriminals use text messages to trick their victims into opening malicious attachments or clicking on malicious links.
The FCC tracks consumer complaints – rather than call or text volume – and complaints about unwanted text messages have risen steadily in recent years from approximately 5,700 in 2019, 14,000 in 2020, 15,300 in 2021, to 8,500 through June 30, 2022.
In addition, some independent reports estimate billions of robotexts each month – for example, RoboKiller estimates consumers received over 12 billion robotexts in June.
Common Smishing Lures
Among the smishing lures (which, by the way, are really convincing) reported to the government by American users were claims about:
- outstanding bills
- package delivery problems
- bank account issues
- law enforcement actions.
Some of the most cunning and persuading baits used in SMS phishing attacks are links that direct the potential victims to landing pages posing as financial institution sites and requesting that they confirm an order or unlock frozen credit cards.
Signs of scam text messages:
☑️ Unknown numbers
☑️ Misleading information
☑️ Mysterious links
☑️ Sales pitches
☑️ Incomplete information— The FCC (@FCC) July 28, 2022
For more signs of smishing, make sure you check this article.
In order to gain your trust, the texts typically claim to be from a legitimate organization, such as the user’s bank, card issuer, a service provider like a mobile phone company, or even a government agency.
While some smishers will try to obtain credit card details, others can have simpler plans and will only be content to snatch any private data they can find, use it in later fraudulent activities, or sell it to other cybercriminals.
How to Avoid Being Smished?
Not trusting text messages you receive out of the blue that purport to be from a legitimate company or avoiding replying to texts that ask for financial and personal information before confirming that the sender is legitimate are among measures you can take to avoid falling victim to this type of attack.
Discover more preventive measures in the article we just published about smishing here.
If you think you’re the victim of a texting scam, report it immediately to your local law enforcement agency and notify your wireless service provider and financial institutions where you have accounts.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.