Smishing vs. phishing: why you need to know the difference
Cell phone users in the United States were recently warned by the FBI of a nationwide scam involving "smishing"—a cyberattack that targets individuals through text messages on their mobile devices. Cybercriminals were scamming smartphone users into believing they had unpaid road tolls!
Smishing, together with phishing, are two very sophisticated methods used by fraudsters to trick people into sharing sensitive information or sending money. But what's the difference between the two underhand techniques, and how can you avoid being duped?
FBI issues warning
The Federal Bureau of Investigation (FBI) has issued a nationwide warning after receiving widespread reports of "smishing" attacks spreading across the United States.
Smishing and phishing
Smishing, together with "phishing," are two methods of cyberattack that target unsuspecting users into sharing sensitive information or sending money to cybercriminals.
How does phishing work?
It's a cybercrime, a form of social engineering that targets individuals through email, text messages, phone calls, and other forms of communication.
Email phishing
Email is the most prevalent form of phishing. With access to your email, a hacker can masquerade as a legitimate source of communication, for example a bank or government agency.
Spear phishing
Spear phishing is a term used to describe a more targeted and sophisticated attack aimed at specific individuals or organizations.
Whaling
Whaling refers to a technique of phishing that specifically targets business VIPS, for example high-profile individuals such as CEOs or top-level executives.
Vishing
Vishing, also called voice vishing, involves scammers using fraudulent voice calls to deceive individuals.
What exactly is smishing?
Smishing is a term derived from "SMS phishing." As the name implies, it's a cyberattack that targets individuals through SMS (Short Message Service) or text messages. Like phishing, smishing attempts to deceive and manipulate users into carrying out actions or divulging sensitive information that compromises their security.
Different methods of smishing
There are several smishing types. Four frequently employed methods are malicious link messages, prize or lottery scams, financial scams, and urgent or emergency messages.
Prize or lottery scams
Prize or reward scams promise unexpected rewards or contest winnings, asking recipients to click a link to claim their prize. By doing so, users are asked to respond with personal information or pay a fee to claim the prize, leading to potential financial loss or identity theft. The attractive nature of receiving a reward makes this type of smishing especially popular—and very effective.
Urgent or emergency messages
An increasingly prevalent scam, this smishing attack usually targets parents, grandparents, or other family members. A bogus caller telephones or sends a message claiming to be a child or grandchild in trouble, or the friend of a family member, and urges the victim to wire money immediately to help with an emergency.
Scrutinize your inbox
Be vigilant and skeptical. Always exercise caution when receiving emails. Even prompts to reply like texting "STOP" to unsubscribe can be a trick to identify active phone numbers.
Be cautious
Avoid a knee-jerk reaction to an urgent message. Remain calm and measured and slow down. Instead, approach urgent account updates and limited time offers as possible signs of smishing. Likewise, double check any medical emergency message with friends or loved ones.
Get even on odd numbers
When receiving a call, be suspicious of odd-looking phone numbers. These can be evidence of email-to-text services and one of many tactics a scammer can use to mask their true phone number.
Use antivirus and anti-malware software
Better still, install antivirus and anti-malware software on your computers and mobile devices.
