author photo
By Bruce Sussman
Wed | Jan 8, 2020 | 8:05 AM PST

How much time do you spend on your phone?

Maybe your answer is "too much."

Hackers understand this, and they are crafting all kinds of smishing attacks that meet you where you are—on your phone.

How do you define smishing?

The Oxford Dictionary defines smishing like this:

"The fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers."

This works by appealing to your emotions and creating urgency to get you to click a link in the text message.

Advanced forms of the smishing attacks can also download a virus or Trojan to your device. Click one of those links and hackers may gain access to your phone. 

5 smishing examples you should share

What do these smishing messages look like? Here are five recent examples you should share with others to help raise awareness.

As you look through them, consider the emotions the messages use to get you to act. Also, notice the company names. The text messages are claiming to be from companies we trust. Hackers hope that will help us fall for their attacks.

1. The urgent your bank account is locked type of smishing message. This one pretends to be from US Bank.

smishing-example-us-bank

2. The urgent message about your credit card smishing attack. In this case, claiming to be from American Express.

social-engineer-smishing-AMEX

3. The you won a prize and click here to get it smishing attack. In this case, it claims to be from Walmart. This is tempting because you've taken some of those surveys printed on your receipt. Did you finally win money you never thought you would? 

smishing-example-walmart

4. The it must be fake but it is also funny smishing attack. In this case, pretending to be from Amazon. You haven't taken this survey yet, but if you do, you're going to be a winner! (Actually, the hackers win.)

smishing-example-amazon

5. The unusual account activity smishing message that says you need to click to secure your information when just the opposite is true. (Do not click!) This one claims to be from Apple Support.

smishing-example-apple

How prevalent are smishing message attacks?

Smishing messages remain less prevalent than phishing attacks that arrive via email. However, according to Proofpoint Security Awareness, the number of smishing attacks is growing.

We're about to get the latest numbers on phishing and smishing for the last year during an upcoming SecureWorld web conference, which is complimentary: State of the Phish Report 2020.

Proofpoint experts will unpack its annual benchmark report, The State of the Phish. You'll also walk away with actionable insights on how to use the information to help secure your organization.

One thing that is true of most of these cyberattacks is that they use our emotions against us. For more, see 5 Emotions Used in Social Engineering Attacks

Comments