SMiShing (SMS Phishing)

Phishing is a method of trying to gather personal information using deceptive e-mails and websites.

Lots of people still think of phishing as a type of scam that arrives by email, and that is its standard definition.

That’s because most phishing attacks do, indeed, arrive in your inbox – sadly, spamming out emails is cheap and easy for crooks, and it delivers results simply because of the volume they can achieve.

But phishing isn’t only about email – it’s a scamming technique that applies to every form of electronic messaging, including social media, instant messaging and even, or perhaps especially, good old SMS texts.

One of the delightful simplicities of SMS is that it was designed back when mobile phones first came out, and thus when network bandwidth was limited.

So SMSes are short, simple, and text-only, and this stripped-down nature actually makes them ideal for crooks.

Messages sent via SMS unexceptionably use a brief and direct style, which means crooks don’t need to master the grammatical niceties of English to create believable texts.

The brevity of SMSes also means that shortened or unusual-looking URLs are commonplace, so we’re more inclined to accept them than we would be if they showed up in an email.

Even though services such as Skype, WhatsApp, Instagram and Snapchat have become the first-choice messaging apps of today’s youngsters, SMS has never gone away, because every phone, on every network, in every country, still supports it.

What to do?

  • Change your password as soon as you can. If you think you just gave away your password by mistake, go and change it on the real site right away. Don’t wait to see what happens – get there before the crooks do. Don’t risk getting locked out of your own account, trying to convince your service provider that you aren’t the crook!
  • Look for obvious mistakes in messages. The crooks have upped their game and make fewer mistakes than they used to, but they still need to use bogus domain names, and they often make some mistakes. If any evidence of phishiness is there, make sure you act on it.
  • Don’t log in via links sent from outside. Bookmark each provider’s logon page for yourself, or use a password manager that ties passwords to specific URLs. That way you won’t get suckered into visiting a fake login page that a crook pre-selected for you.
  • Report phishing scams – please do your bit to help everyone else.
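
The advice above about bogus domain names and tying passwords to specific URLs, as an added example (not part of the original article): a Python sketch that pulls links out of an SMS and compares each host exactly against your bookmarked login hosts, the way a URL-bound password manager decides whether to fill. The host lists and sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed for illustration: the login hosts you bookmarked yourself, plus a
# few well-known link shorteners. Replace both sets with your own.
BOOKMARKED_LOGIN_HOSTS = {"login.mybank.example", "accounts.webmailco.example"}
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def link_host(url):
    """Return the lower-cased host a browser would actually connect to."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:            # malformed URL, e.g. broken IPv6 brackets
        host = ""
    return host.rstrip(".")

def classify_link(url):
    """Classify one link by exact host match, never by substring match."""
    host = link_host(url)
    if not host:
        return "unparseable"
    if host in SHORTENER_HOSTS:
        return "shortened"        # real destination is hidden
    if host in BOOKMARKED_LOGIN_HOSTS:
        return "bookmarked-host"  # still open your own bookmark, not the link
    # Simplification: treat the label left of the TLD as the brand name.
    brands = {h.split(".")[-2] for h in BOOKMARKED_LOGIN_HOSTS}
    if any(brand in host for brand in brands):
        return "lookalike"        # brand name inside a host you never bookmarked
    return "unknown"

def triage_sms(text):
    """Return (url, verdict) for every link found in an SMS body."""
    urls = [u.rstrip(".,)") for u in URL_RE.findall(text)]
    return [(u, classify_link(u)) for u in urls]

# Constructed sample messages, not real traffic.
SAMPLE_SMS = [
    "ALERT: unusual sign-in. Confirm at https://mybank-secure-login.test/verify.",
    "Your parcel is held, pay the fee: https://bit.ly/3abcd",
    "Statement ready: https://login.mybank.example/",
]

if __name__ == "__main__":
    for sms in SAMPLE_SMS:
        print(triage_sms(sms))
```

Only the exact-match verdict corresponds to a site you chose yourself; every other verdict is a reason to ignore the link and go to your bookmark instead.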