SMiShing 101: phishing, but more dangerous

By Rebecca Kerr, OSCPA communications intern

Warnings about the dangers of email phishing are common, but not as many people know about the rise of SMiShing, phishing’s dangerous and tempting relative.

“The really good thing about this is SMiShing is almost exactly the same as phishing; it’s just a different medium,” said Damon Hacker, President and CEO of Vestige Digital Investigations.

SMiShing refers to fraudulent messages sent via Short Message Service – text messaging – rather than email. This usually takes the form of a message prompting the recipient to click a link. Once they do, malware is installed onto their device allowing the thief to get personal information, such as their Social Security or credit card numbers.

Hacker said although SMiShing is “nothing more than the same kind of attempts that attackers will use in phishing expeditions directed to individuals on mobile devices via SMS, there are a couple of practical implications that make [SMiShing] as dangerous, if not more so.”

He said the main reason people are more susceptible to SMiShing attempts is because of their awareness level; they have their guard down because they don’t suspect that crooks could have their mobile phone numbers, and “there is a tendency to already believe the messages they’re receiving are authorized,” Hacker said.

Another reason getting caught in a SMiShing scam is easy – perhaps surprisingly – is because of the size of your mobile device’s screen. Hacker said with email phishing there are ways to test the validity of a message, such as hovering over hyperlinks before clicking them to see the true destination. This isn’t possible to do with links sent via SMS, and the smaller screen size causes “some stuff that could be an indicator that [a link] is bad [to] be hidden or missed.”

The final reason Hacker cited is the convenience. Messages insert themselves into people’s daily lives in a way emails do not. He called text messages an “interruption” during busy lives that cause people to pause and pay immediate attention to them. Because of this tendency, SMiShing messages’ urgent and panic-arousing nature often cause people to quickly click possible fraudulent links from unknown senders.

The solution is to be vigilant, be proactive and be smart: text and click cautiously.