
Smishing, what you need to know with advice from Iberdrola

Digital security: understanding smishing with Iberdrola


Mobile phone scams are becoming more frequent and the methods used to carry them out are becoming more complex. Smishing is a type of text message scam. Find out what it involves, what types exist and how to avoid falling victim to this scam.

Smishing

Smishing cybercriminals use fake stories to gain the trust of victims and obtain their private data.

Smishing can sneak into your mobile phone in a number of ways. A text message from a bank warning us that they are going to block our account. Another from a courier company asking us to pay to receive a package. A WhatsApp from a supposed relative who has lost their luggage at an airport and needs our financial support to be able to travel.

These cyber scams are becoming increasingly common. Although the motivations are the same, they vary in form and complexity in an attempt to capture the attention and trust of the targeted users. But what does smishing involve and how do cybercriminals execute it? Can we avoid falling victim?

What is smishing?

The term smishing comes from the combination of the words "SMS" and "phishing" and involves social engineering to commit fraud via text messages. It is a type of phishing and is similar to other varieties such as vishing, where the deception is based on a phone call. It is one of the favourite strategies of online criminals to try to gain access to our confidential information or steal our money.

The criminals behind these cyber-attacks impersonate official bodies, businesses and companies. Sometimes they even impersonate family and friends to commit smishing based on a certain degree of trust on the part of the user. These scams can be carried out by SMS, although WhatsApp is increasingly being used.

Attackers ask the victim to access a link on a fake website or to provide sensitive data such as passwords, online accounts, phone number, email, social security number or credit card details, for example. Sometimes they urge the user to make a bank transfer with a false claim or entice them to download an attachment that infects their device with malware.

Examples of smishing

As with other cases of social engineering, smishing attacks are based on excuses or pretexts. Cybercriminals use fake stories to play on victims' trust and emotions and trick them into handing over their private data. Here are some of the most common types of smishing attacks:

 Financial institution.

Fraudsters pose as a spokesperson, representative or employee of the victim's bank and alert the victim that there is a problem with their account. In order to solve the problem, the attackers ask the victim to follow a link or access a fake application or website where they must provide sensitive financial information: passwords, bank or credit card numbers. With this data they can make purchases or transfer money to other accounts.

 Representative of the administration.

Criminals pose as police officers, employees of tax collection institutions or other government officials. Smishing messages inform the victim that he or she must pay a fine or take action to claim a state benefit. When users follow the links to which they are redirected, the fraudsters steal their social security number and other information that can be used to impersonate them.

 Customer support.

Attackers impersonate support or customer service agents of well-known brands or even Internet providers. They inform the victim that there is a problem with their account or that they have not claimed any compensation or refund. Again, these messages refer the victim to a fake website that steals their credit card or bank information.

  Parcels.

This type of smishing is one of the most common. The messages report an alleged problem with the delivery of a parcel. The victim is asked to pay an amount of money as a delivery fee or to log in to their account to fix the problem. The scammers take the money or private information and disappear. Attacks under the guise of parcel delivery are common during holiday or Christmas periods, when many people are expecting parcels.

  Work context.

Hackers pose as the victim's boss or a colleague in the company and claim they need help with an urgent task. In this case, they use SMS or WhatsApp messages, although it also happens through other channels such as email. The victim may end up sending money or private information.

 Wrong number.

The cybercriminal pretends to send a text message to the wrong number. When the victim corrects the mistake, the scammer engages in a conversation to gain the victim's trust. Sometimes this situation continues over the long term, for months or even years. The attacker may even pretend to have romantic feelings for the victim. The goal is, once again, to steal money from the victim through loans or investment opportunities, among others.

 Social networks.

The offender pretends to be a friend of the victim and tells them that they cannot access their social media accounts such as Instagram or Facebook. To fix this, he pretends to need the user to receive a code on his behalf. When the victim opens it, they allow the hacker access to their own account.

  Downloading fake applications.

Some smishing scams trick victims into downloading fake applications that are actually malware or ransomware. These apps may appear to be genuine, but in reality, they allow the user's confidential data to be stolen.

What do I do if I have been a victim of smishing?

All users are at risk of falling victim to smishing. If you think you may have fallen for this type of scam, it is important that you take action as soon as possible through a series of measures:

  • Identify what information you have put at risk in this scam.
  • Scan your phone with an antivirus to look for any signs of hacking.
  • Remove any content you have downloaded from links or attachments from your device.
  • Change the passwords of all accounts that may have been affected.
  • Enable two-step verification to prevent access and identity theft.
  • Block your bank card if you think it may have been threatened and cancel any unauthorised payments that have been executed.
  • Contact the impersonated company/institution or your banking institution.
  • Gather as much evidence as possible and report the incident to the State Security Forces and Corps.


Source: The Cyber Helpline


Tips to avoid becoming a victim of smishing

Any person or organisation, public or private, is susceptible to this type of cyber-attack. The most important thing is to ignore, and not respond to, any message asking for personal or financial information. Here are some steps to avoid being scammed by text messages:

  • The best advice is never to give out personal or banking information over the phone.
  • We should be wary of unknown senders or even block phone numbers that we think may be a threat. 
  • Ideally, the identity of the person sending the message should be verified. In the case of a company with which we have contracted certain services, we can ask for information and then contact the company to verify it.
  • We should not click on attached links or access any unknown application or page to make payments.
  • It is important to keep the operating system and applications up to date to ensure that minimum security standards are in place.
  • We must store passwords and banking information in encrypted form.
  • Finally, it is worth remembering that entities such as banks or large companies never call to ask for confidential data such as account numbers or passwords to access online banking.