Skip to main content
  1. Home
  2. Computing
  3. Features

Smishing sounds funny, but it’s a serious threat to your phone’s security

Luke Larsen
By
smishing example on phone
Image used with permission by copyright holder

Phishing remains a serious security problem. According to some reports, one in every 101 emails are malicious and most of those use some form of phishing as a primary scamming tactic. Most people are aware of phishing, but we only look out for threats when checking email.

Criminals, however, are one step ahead. Security experts say phishing has come full-force to texting, and it carries even more potential danger than it does through email.

Recommended Videos

Breaking the myths about phones

A lot of effort goes into securing our smartphones, whether it’s passcodes, fingerprint scanners, or even facial recognition. Like the security system of a car, we assume this keeps the bad guys out and our personal data safe. But when someone falls for a phish scam over text, they are willingly handing over the keys to their car, often without knowing it.

insecure
(in)Secure, a weekly column, follows the trends, and screw-ups, you need to know about. We’ll touch on topics ranging from the laws behind cyber security, to the latest major breaches, to new methods that can help keep your data safe or, at least, minimize the damage.

“It’s pretty much the old phishing techniques applied to mobile text messages instead of email,” Ruby Gonzalez told Digital Trends. She’s the Communications Director at NordVPN. The company recently published a report attempting to raise awareness about how the situation has gone from bad to dire. The report calls it “smishing,” or SMS phishing.

“As smartphones get more and more popular, personal use of email is declining,” said Gonzalez. “Not only text messages, but all Facebook messages, and so on. So, people have been getting used to getting all kinds of offers being sent over messages, including links. It’s a new channel. It’s a wider channel for criminals, and they are trying to exploit it in the same way as all other channels that are opening.”

Like how masses of email accounts are collected, Gonzalez says cyber-criminals retrieve phone numbers from databases on the dark web and then try to lure their targets into sharing personal data.

The most common form of this is a text with a link that automatically downloads malware, which can then steal all sorts of different data. Your smartphone knows a lot more about you than your PC, so an installed piece of malware might steal the phone numbers in your contact list and spread the virus in hopes to exponentially multiply. Even important bits of personal data, like banking credentials or your tracking location, can be at risk.

Examples of smishing attempts Image used with permission by copyright holder

Another tactic is to pose as a legitimate and well-known institution, a classic page out of the phishing playbook. In some cases, scammers masquerade as tax authorities, which has become an increasingly worrisome problem in the UK and Canada. During tax season, Gonzalez noted, these sorts of attacks become extremely common. The fact a message comes over text often gives a false sense of legitimacy, as many people don’t know a text message can be a threat.

“They say that the user is due a tax refund or needs to provide some more information,” said Gonzalez. “Basically, they try to get users’ financial information, and that can then be used for stealing their money.”

Whether it’s from your dentist or your library, automated text messages are more common than ever. The more accustomed we are to automated texts, the more opportunity there is for scammers to exploit that familiarity.

The more accustomed we are to automated texts, the more opportunity there is for scammers to exploit that familiarity.

A simple reply to a text message is often all that’s needed to put you in harm’s way. In the US, Gonzalez mentioned shortcodes as a commonly-exploited tactic. These are typically used by organizations like charities, which can send texts directly to supporters and allow them to donate funds with just a one-word response. Scammers have used that same system to steal money right out of people’s bank accounts.

The problem is far more widespread than you might think. According to Gonzalez, more than one and three people in the UK who text have been targeted by a phishing scam in the past six months. Statistics also say fewer than two in five people report a scam when it happens, meaning the real numbers could be even worse.

What can we do about it?

The biggest problem with phishing is that it’s hard to detect. While most people think they’d never fall victim to it, many people do, and don’t realize what’s happened until it’s far too late. As stated above, scammers prey on people’s fears about security or finances. However, there are some practical things you can do to stay one step ahead of scammers.

Related reading

The first is simple. Never click on a link or reply to a text. If you are even slightly suspicious, it’s always better to play it safe. That includes if the call to action is “reply if you want to stop getting these messages.” Try Googling the content of the message if it seems even slightly off.

“Sometimes criminals have huge databases of phone numbers, and if they get a reply, they know the number is active,” said Gonzalez. “So that can actually be counterproductive. If it looks like it comes from a company and it asks for strange things like a password or has a link, find the legitimate number on the internet and call and verify if the message really came from them. Not clicking on any links is a good idea, unless you’re pretty sure it’s coming from a legitimate source.”

Having anti-malware installed on your phone isn’t a bad idea, either. Some people believe that smartphones are less susceptible to malicious software than computers, but Gonzalez is convinced that the opposite was true.

“Having antimalware software for the phone is getting as important as having one on your laptop or desktop computer.”

“There are lots of malware strands that are primarily target phones,” she noted. “Specifically, Android phones, because Android is a more open system. Over the past couple of years there have been scandals with malware-infected apps even in the Google Play Store. Having antimalware software for the phone is getting as important as having one on your laptop or desktop computer.”

Several VPN companies provide additional support in this area,as well. NordVPN has its own feature in its security apps called CyberSec, which the company says is like a content blocker for your entire operating system. It works by checking addresses against the huge database of the company’s blocklists.

Lastly, if you do find yourself in a situation where you think some malware has been downloaded, make sure to protect your data. Change all your passwords, or use an encrypted password manager for maximum security.

Topics
Luke Larsen
Luke Larsen
Senior Editor, Computing
Luke Larsen is the Senior editor of computing, managing all content covering laptops, monitors, PC hardware, Macs, and more.
Gigabyte just confirmed AMD’s Ryzen 9000 CPUs
Pads on the AMD Ryzen 7 7800X3D.

Gigabyte spoiled AMD's surprise a bit by confirming the company's next-gen CPUs. In a press release announcing a new BIOS for X670, B650, and A620 motherboards, Gigabyte not only confirmed that support has been added for next-gen AMD CPUs, but specifically referred to them as "AMD Ryzen 9000 series processors."

We've already seen MSI and Asus add support for next-gen AMD CPUs through BIOS updates, but neither of them called the CPUs Ryzen 9000. They didn't put out a dedicated press release for the updates, either. It should go without saying, but we don't often see a press release for new BIOS versions, suggesting Gigabyte wanted to make a splash with its support.

Read more
ExpressVPN Deals: Save 49% when you sign up today
Express VPN logo.

VPNs have become pretty important in the modern world, whether it's a matter of unlocking geo-blocked content or providing an extra layer of security to your connection when you're out in public. Luckily, one of the best VPNs on the market has a sale right now that will save you 49% on the regular pricing. You also get a 30-day money-back guarantee to test it out, which is great because there isn't any Express VPN free trial you can take advantage of. That said, if the deal below doesn't quite tickle your fancy, or Express VPN is not the VPN that fits your needs, you can check out some of these other great VPN deals as well.

Today's Best ExpressVPN Deal

Read more
Save $100 on this Netgear mesh Wi-Fi system at Crutchfield
netgear orbi ax6000 tri band wi fi system deal crutchfield april 2024 lifestyle

If you want every corner of your home to have access to a stable internet connection, you're going to want to buy a mesh Wi-Fi system. There are lots of options out there among all the router deals online, but here's one that we recommend -- the Netgear Orbi AX6000 tri-band Wi-Fi system, which Crutchfield is selling at $100 off. Instead of $900, you'll just have to pay $800 for this mesh Wi-Fi system, but only if you hurry. The discount is expected to last for a few more days, but we're not sure if stocks will still be available by the end of the sale.

Why you should buy the Netgear Orbi AX6000 tri-band Wi-Fi system
The Netgear Orbi AX6000 tri-band Wi-Fi system includes a router module and two satellites to create a mesh network that supports Wi-Fi 6 and will provide coverage across 7,500 square feet. The router and the satellites will use a single network name for a seamless connection as you move around -- horizontally or vertically -- and MU-MIMO technology will allow for simultaneous streaming across multiple devices, so even if everyone in the family is connected to the mesh Wi-Fi system at the same time, nobody will experience any lag or buffering while watching streaming shows.

Read more