The name may not be well known, but the truth is that according to Interpol, smishing is one of the most widely used cyber-crime practices against cell phone users to steal information.
But... What is smishing?
It is a type of phishing, a technique of impersonation whose objective is to obtain information through deception, but carried out through messaging systems such as SMS, WhatsApp or private messages on social networks.
It consists of a text message that acts as bait, the aim being to capture the victim's attention so that they click on a fraudulent link.
How to discover smishing
The technique of smishing is based on deception and, like all deception, requires the complicity of the victim to achieve its purpose. For this reason, it is essential that it can be identified in time.
The first recommendation is not to underestimate the attackers; they are increasingly ingenious in developing tricks, more careful with details and more professional in technical execution. Even so, it is possible to discover them and avoid their traps.
It is necessary to know that to design their 'baits', they use psychology and sociology. Their strategy consists of manipulating the victims with emotional elements that are common to most people, such as the desire for prizes and rewards, fear, urgency, solidarity or curiosity.
Key elements that should put you on your guard
Every now and then, Internet users receive messages designed to convince them that they have won the lottery, or that they only have to send a message to 10 contacts to get the latest iPhone, or send personal data in a form to get an 80% discount at department stores.
The Spanish police, for example, are having to warn on their official Twitter account about campaigns aimed at obtaining information fraudulently through text messages. In one of the most notorious cases, the messages claimed that Netflix was giving away free accounts in exchange for following an account and retweeting.
Naivety and ignorance are the best allies of this type of scam. Commercial temptations in the form of bait have skyrocketed: Zara, H&M, Ikea and an endless number of brands have been impersonated to carry out 'smishing' attacks.
The motto to keep in mind is: "If something seems too good to be true, it probably is too good to be true."
The best prevention against this type of bait is mistrust and common sense. Many brands run good promotions, but from there to giving away a whole year's worth of subscriptions for a retweet... you will agree that it defies all logic, right?
If you receive one of these messages remember:
It is essential not to provide any personal information, not to click on any link in the message, not to respond to these messages and, above all, not to forward them, because by doing so you help spread the threat and send a poisoned message to all your contacts.
On the other hand, if you think that the offer may be authentic (and sometimes it is), instead of following the link that appears in the message, go to the official website of the brand and check whether it is an authentic promotion because, if it is, it will be announced on its official channels.
Urgency and fear
If you detect urgency in the message and the need to take immediate action, be on your guard: it is very likely that it is a smishing attack. Here the attackers impersonate banks, electricity companies and even Google.
In the case of Google, one of the most commonly used methods of smishing is to send a message that claims to come from Google's technical support center, warning that a password has been compromised and must be changed urgently. To do this, the victim is told to click on a link that leads to a page imitating Google's and asks for their data, including the password. The outcome is predictable: as soon as the attackers get hold of the password, they have access to all services associated with that account, including Google Play.
But they are not the only ones. These messages can come from senders claiming to be Apple asking you to change a terminal ID before it expires, the bank saying they've detected unauthorized operations on your account or unusual activity, or PayPal warning you that your account has been compromised.
Examples of messages from a supposed technical support center.
What do these messages have in common?
In all cases they include a link that must be followed to avoid further damage. They all seek to make you lose your composure and act impulsively.
The target of the attackers
The recommendations are the same as above: in particular, be wary of any message that requires immediate action. It is better to check the information with the supposed sender of the message, not to follow any links and not to respond to these messages.
Likewise, bear in mind that BBVA will never send messages that redirect you to a page that requests your access credentials or bank details. Prudence, distrust and common sense are the best allies to avoid being victims of these scams.
As additional security measures, it is important to take some precautions:
- Always install an antivirus on your devices, as many of these malicious links download 'malware' or Trojans capable of hijacking information without your knowledge.
- Keep all applications updated.
- Check the permissions of the applications before downloading them to determine whether those requested (access to your SMS messages, contacts, camera, etc.) are within reason for the operation of the application.
Always remember that this type of attack requires an unwitting accomplice taking the bait. It is always better not to be one of them.