SMS Phishing is Evolving

SMS Phishing or Smishing attacks have skyrocketed over the past two years. Attacks were up 328% in 2020, and recent data shows this new favored form of attack is up 700% in the first six months of 2021. Consumers have gotten used to businesses texting confirmation codes, special offers, and even medical appointment reminders. Most users do not have their guard up for phishing attacks over text message the way they do for email. Criminals have been taking advantage of this oversight and collecting personal information or login and password credentials for everything from online banking to Amazon. A popular tactic might say something like, “Amazon detected a sign-in from a new device, was this you? If not click on this link to verify your account details.” Users who are not aware of this tactic would click the link and give the criminals their Amazon username and password.

However, there is a new, evolved version of this attack vector. Users are being educated not to click links in text messages any longer, so criminals are moving away from the link and asking for a response instead. A recent report from Krebs on Security cited a user who received a professional-looking text message that appeared to come from their bank. Instead of a link, the message asked for a response. When the user responded, the criminal called them from a number that looked like a Chase bank number.

[Image: SMS Phishing. Source: KrebsonSecurity]


The user reported the operation was very smooth. The caller ID said J.P. Morgan Chase, and the scammer sounded professional and convincing. Luckily, the user paused and told the scammer she would hang up and call the bank back. When she called back, Chase said they had not called her or detected the payment alert shown in the text.

Luckily this user remembered the golden rule, “When In Doubt, Hang up, Look up, and Call Back.” The same principle works to avoid phishing scams over email. Phishing attacks are designed to evoke emotion. The criminal wants you to move quickly before you have time to think through the steps. Criminals are looking for new and more convincing ways to steal personal information every day. As we move into the holiday shopping season, it’s important to stop, hang up, look up the corporate phone number, and call the company directly.


Posted by Charles Wright