It may sound funny, but its consequences are anything but humorous.
We're talking about smishing, or SMS phishing. Smishing attacks resemble email phishing, with which many people are already familiar.
What Is Smishing, And How Is It Different From Phishing?
A phishing email requests that the user download an attachment or click a suspicious link, which directs them to a fraudulent web page, usually a spoof of a legitimate site. The victim is then asked to enter login credentials.
Once the attacker has that info, they can use it to take over the victim's account remotely.
Smishing attacks are conducted over text message, which may be more effective than traditional email attacks for a couple of reasons.
First, they're relatively novel, and not as many people have come across a phishing attempt over text message as have seen traditional phishing emails. Second, they're brief, giving the victim less information that can be used to determine if a message is fraudulent or legitimate. SMS users may also be more open to clicking shortened redirect links, which can mask domain names that would otherwise raise a red flag.
As a business that cares about your customers' personal data, how can you best position yourself to fight against smishing on behalf of your followers and friends?
Recent Examples and Lessons Learned
Recent smishing attacks have been deployed to trick users into thinking they were being contacted about an anticipated shipment from FedEx or to verify their Verizon account details for security purposes.
The Verizon impersonator, in particular, had set up a very compelling landing page from which to solicit login credentials. The FedEx spoof reached many people and included a fake tracking number in order to provide an additional veneer of legitimacy.
Both FedEx and Verizon have comprehensive pages on their websites dedicated to educating users about how to spot and report scams and fraud.
If there's a chance that malicious actors will impersonate your services, be sure to have resources available for wary users to consult in case they're contacted by fraudsters who claim to be associated with your company.
In addition, your business should always follow best practices for communicating with customers over SMS.
Don't:
- You shouldn't request personal or financial information from your customers over text.
- Never send messages that pressure your users to hand over personal information quickly.
Do:
- Educate your users about deceptive practices when they create an account with your business.
- Make sure your business's website uses HTTPS.
When more businesses stick to these rules, their customers will be better equipped to spot social engineering tricks.
If you use a shortcode for business texting, you may also want to consider switching to a longcode. While there are many legitimate uses for shortcodes, they are sometimes exploited by spammers and scam operators, like smishers.
For all other business texting needs, find out how Swift SMS Gateway can help. Sign up for a free demo today.