Skip to main content
  1. Home
  2. Computing
  3. Features

Smishing sounds funny, but it’s a serious threat to your phone’s security

Luke Larsen
By
smishing example on phone
Image used with permission by copyright holder

Phishing remains a serious security problem. According to some reports, one in every 101 emails are malicious and most of those use some form of phishing as a primary scamming tactic. Most people are aware of phishing, but we only look out for threats when checking email.

Criminals, however, are one step ahead. Security experts say phishing has come full-force to texting, and it carries even more potential danger than it does through email.

Recommended Videos

Breaking the myths about phones

A lot of effort goes into securing our smartphones, whether it’s passcodes, fingerprint scanners, or even facial recognition. Like the security system of a car, we assume this keeps the bad guys out and our personal data safe. But when someone falls for a phish scam over text, they are willingly handing over the keys to their car, often without knowing it.

insecure
(in)Secure, a weekly column, follows the trends, and screw-ups, you need to know about. We’ll touch on topics ranging from the laws behind cyber security, to the latest major breaches, to new methods that can help keep your data safe or, at least, minimize the damage.

“It’s pretty much the old phishing techniques applied to mobile text messages instead of email,” Ruby Gonzalez told Digital Trends. She’s the Communications Director at NordVPN. The company recently published a report attempting to raise awareness about how the situation has gone from bad to dire. The report calls it “smishing,” or SMS phishing.

“As smartphones get more and more popular, personal use of email is declining,” said Gonzalez. “Not only text messages, but all Facebook messages, and so on. So, people have been getting used to getting all kinds of offers being sent over messages, including links. It’s a new channel. It’s a wider channel for criminals, and they are trying to exploit it in the same way as all other channels that are opening.”

Like how masses of email accounts are collected, Gonzalez says cyber-criminals retrieve phone numbers from databases on the dark web and then try to lure their targets into sharing personal data.

The most common form of this is a text with a link that automatically downloads malware, which can then steal all sorts of different data. Your smartphone knows a lot more about you than your PC, so an installed piece of malware might steal the phone numbers in your contact list and spread the virus in hopes to exponentially multiply. Even important bits of personal data, like banking credentials or your tracking location, can be at risk.

Examples of smishing attempts Image used with permission by copyright holder

Another tactic is to pose as a legitimate and well-known institution, a classic page out of the phishing playbook. In some cases, scammers masquerade as tax authorities, which has become an increasingly worrisome problem in the UK and Canada. During tax season, Gonzalez noted, these sorts of attacks become extremely common. The fact a message comes over text often gives a false sense of legitimacy, as many people don’t know a text message can be a threat.

“They say that the user is due a tax refund or needs to provide some more information,” said Gonzalez. “Basically, they try to get users’ financial information, and that can then be used for stealing their money.”

Whether it’s from your dentist or your library, automated text messages are more common than ever. The more accustomed we are to automated texts, the more opportunity there is for scammers to exploit that familiarity.

The more accustomed we are to automated texts, the more opportunity there is for scammers to exploit that familiarity.

A simple reply to a text message is often all that’s needed to put you in harm’s way. In the US, Gonzalez mentioned shortcodes as a commonly-exploited tactic. These are typically used by organizations like charities, which can send texts directly to supporters and allow them to donate funds with just a one-word response. Scammers have used that same system to steal money right out of people’s bank accounts.

The problem is far more widespread than you might think. According to Gonzalez, more than one and three people in the UK who text have been targeted by a phishing scam in the past six months. Statistics also say fewer than two in five people report a scam when it happens, meaning the real numbers could be even worse.

What can we do about it?

The biggest problem with phishing is that it’s hard to detect. While most people think they’d never fall victim to it, many people do, and don’t realize what’s happened until it’s far too late. As stated above, scammers prey on people’s fears about security or finances. However, there are some practical things you can do to stay one step ahead of scammers.

Related reading

The first is simple. Never click on a link or reply to a text. If you are even slightly suspicious, it’s always better to play it safe. That includes if the call to action is “reply if you want to stop getting these messages.” Try Googling the content of the message if it seems even slightly off.

“Sometimes criminals have huge databases of phone numbers, and if they get a reply, they know the number is active,” said Gonzalez. “So that can actually be counterproductive. If it looks like it comes from a company and it asks for strange things like a password or has a link, find the legitimate number on the internet and call and verify if the message really came from them. Not clicking on any links is a good idea, unless you’re pretty sure it’s coming from a legitimate source.”

Having anti-malware installed on your phone isn’t a bad idea, either. Some people believe that smartphones are less susceptible to malicious software than computers, but Gonzalez is convinced that the opposite was true.

“Having antimalware software for the phone is getting as important as having one on your laptop or desktop computer.”

“There are lots of malware strands that are primarily target phones,” she noted. “Specifically, Android phones, because Android is a more open system. Over the past couple of years there have been scandals with malware-infected apps even in the Google Play Store. Having antimalware software for the phone is getting as important as having one on your laptop or desktop computer.”

Several VPN companies provide additional support in this area,as well. NordVPN has its own feature in its security apps called CyberSec, which the company says is like a content blocker for your entire operating system. It works by checking addresses against the huge database of the company’s blocklists.

Lastly, if you do find yourself in a situation where you think some malware has been downloaded, make sure to protect your data. Change all your passwords, or use an encrypted password manager for maximum security.

Topics
Luke Larsen
Luke Larsen
Senior Editor, Computing
Luke Larsen is the Senior editor of computing, managing all content covering laptops, monitors, PC hardware, Macs, and more.
The real reason so many laptops have moved to soldered RAM
The Intel 12th-gen Mainboard upgrade for the Framework Laptop.

The completely redesigned Dell XPS 14 and 16 came out this year as two of the most divisive laptops in recent memory. No, it wasn't just the capacitive touch buttons or invisible trackpad that caused an uproar -- it also moved to soldered RAM. This was a big change from the past, where the XPS 15 and 17 were both celebrated for their upgradability.

Of course, Dell isn't the first to make the transition. In fact, they're one of the last, which is what makes the decision so much tougher to swallow. Where soldered RAM was previously limited to just MacBooks and ultrabooks, it's now affecting most high-performance laptops for gaming as well. Even the fantastic ROG Zephyrus G14 moved to soldered memory this year.

Read more
How to check the storage space on your Mac
The About This Mac window showing storage usage, alongside a window offering suggestions on how to save storage spce in MacOS Monterey.

Upgrading storage on your Mac isn't always easy, or even possible, so knowing how much storage space you have, and how to free up more, is a great idea. Often when you buy a Mac, that's the storage you're stuck with -- although external drives and cloud storage are always an option.

Luckily, checking your available storage -- and then freeing up space for the things you want to keep -- is very easy to do. In this guide, we’ll walk you through the process of checking your Mac’s storage space, then show you a few quick ways of clearing out the junk you no longer need.

Read more
How to update your Gmail picture on desktop and mobile
A man holding a teacup staring at laptop screen.

There are lots of reasons why you'd want to change your Gmail profile picture. Maybe you have a great, new selfie you want to show off. Or you just want to update your work email with a photo that's recent and professional-looking. Whatever the reason, we can help you update your Gmail picture in just a few quick steps. We've also got you covered whether you choose to change your photo via Gmail's desktop website or through its mobile app.

Read more