I suppose that before I explain how to avoid smishing scams, it might help to understand the meaning of the word “smishing.” Basically, smishing is phishing through text rather than email. All clear now? That definition works fine if you understand what phishing is. Okay, let’s go to the Mirriam-Webster dictionary to find out the full meaning of “smishing.” (Note: smishing is no longer “a new kind of cybercrime.”)
Smishing is a new kind of cybercrime. Its name is a portmanteau of SMS (short message service) and phishing. SMS refers to a text messaging service, and you probably know phishing as the name for a scam in which a person is duped into revealing confidential information by responding to a bogus e-mail that appears to be from a bank, Internet service provider, retail store, or other organization. Instead of e-mails, smishing uses text messages to direct people to a fraudulent website or to call a phone number at which point they are asked to provide personal identifying information, such as a user name and password, or financial information.Smishing Is Phishing Via Text | Merriam-Webster
The opening picture on this page is an example of a smishing attempt. How cool that I came in first in March! Of course, this is a scam. (Note: On all the smishing examples in this post, I’ve blurred out part of the phone number and part of the link so no adventurer who reads this can get scammed.) Once again, a scammer is attempting to trick us by using one of the three pillars of Social Engineering – an attempt to tap into your dreams. (Reference: Social Engineering: The Weakest Link In The Chain) Who wouldn’t want to win something?
Let’s look at another one I received:
This second text example was pretty easy to spot as a smishing attempt since my name is JOHN, not JOE. Additionally, if you know anything about tracking numbers, you know they are more digits than the tracking number shows in this text message.
Of course, scammers often use fear as a motivator (you learned that from me in Social Engineering: The Weakest Link In The Chain (4kcc.com) and that’s also very true in fake text messages. Example:
In this message, the scammer is trying to scare us into believing there’s an issue with our bank. Oh, no, someone is trying to steal our money! Yes, someone is – the thief who sent this fake text.
Now that you understand what smishing is and have seen some examples, you might be asking yourself what you should do to not be scammed. Knowing you’re thinking that, here are some ideas:
You should know that smishing attacks are on the rise. When you put them under the FBI’s umbrella of Phishing, Vishing, Smishing and Pharming, they were the number 1 source of Internet fraud in 2020 with over 241,000 victims in the US. I don’t want to see you become one of these statistics in 2021 so please re-read this post!