What is Smishing?

Smishing is a form of Phishing carried out over text (SMS) messages. The criminal’s goals are the same as in typical Phishing attacks: hackers are trying to get you to divulge a username and password, install malware on your device, or convince you to send them money. There are several reasons criminals are using text messages instead of email for these attacks. First, the read and response rates are much higher for text messages. 98% of text messages are read, as opposed to only 20% of emails. Additionally, 45% of text messages are responded to, compared to only a 6% email response rate. Another reason for the shift is that most consumers do not have their guard up against questionable text messages. Most technology users understand that clicking a link in an email could be falling into a trap, but we don’t have the same suspicion around text messages yet. A third reason is that many reputable websites use SMS for two-factor authentication.

I received two Smishing messages attempting to look like they came from Amazon.

Just like typical Phishing emails, the text messages are designed to create urgency. The first message looks like a two-factor authentication message. Since I wasn’t trying to log into my Amazon account at the time, the message makes me think someone else is trying to log into my account. There were a few things that made me pause and not click on the link, however. First, the message came from a phone number, and not in the typical chain I get two-factor codes from Amazon in. The other 2FA codes I had from Amazon were all in the same text chain and did not have a link associated with them. Also, the more I looked at the message, the more I noticed the odd grammar, and “don’t” was missing an apostrophe. I received the second message five hours later. This message is supposed to create more urgency. Notice that the end of the URL is the same string of random numbers and letters. Also notice there should be a period after “detected”, and Amazon would probably capitalize their company name in correspondence.
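The indicators described above can be turned into a simple triage check. The Python sketch below is an added example, not code from the original post: the sample messages, the phone number, the `acct-check.example` domain, the known-sender value and all function names are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s]+")
OTP_RE = re.compile(r"\b(code|otp|verification)\b", re.I)
URGENCY_RE = re.compile(r"\b(unusual|suspicious|detected|locked|verify)\b", re.I)
MISSING_APOSTROPHE_RE = re.compile(r"\b(dont|didnt|doesnt|isnt)\b", re.I)

# Constructed sample messages; they are not the texts the author received.
KNOWN_2FA_SENDERS = {"55555"}  # assumed sender of the user's existing 2FA thread
SAMPLES = [
    {"sender": "+15555550123", "body": "Amazon: your verification code is 481516. "
     "If you didnt request it, secure your account: https://acct-check.example/a/x7Kq2"},
    {"sender": "+15555550123", "body": "Unusual sign-in detected on your amazon account "
     "Verify now https://acct-check.example/b/x7Kq2"},
    {"sender": "55555", "body": "123456 is your Amazon OTP. Do not share it with anyone."},
]

def url_tokens(body):
    """Last path segment of each URL: the part the post saw repeated."""
    urls = (u.rstrip(".,)") for u in URL_RE.findall(body))
    return {urlparse(u).path.rstrip("/").rsplit("/", 1)[-1] for u in urls} - {""}

def triage(messages, known_senders):
    """Return, per message, the list of indicators from the post that it trips."""
    # Count how many distinct messages carry each trailing URL token.
    seen = Counter(t for m in messages for t in url_tokens(m["body"]))
    results = []
    for m in messages:
        body, reasons = m["body"], []
        has_link = bool(URL_RE.search(body))
        if m["sender"] not in known_senders:
            reasons.append("sender outside the existing 2FA thread")
        if has_link and OTP_RE.search(body):
            reasons.append("link inside a 2FA-style message")
        if has_link and URGENCY_RE.search(body):
            reasons.append("urgency wording with a link")
        if MISSING_APOSTROPHE_RE.search(body):
            reasons.append("missing apostrophe")
        if any(seen[t] > 1 for t in url_tokens(body)):
            reasons.append("URL token reused across messages")
        results.append(reasons)
    return results

if __name__ == "__main__":
    for msg, reasons in zip(SAMPLES, triage(SAMPLES, KNOWN_2FA_SENDERS)):
        print(msg["sender"], "->", reasons or "no indicators")
```

The word lists are deliberately small; the check is a prompt to slow down, not a filter that proves a message is safe.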

Criminals are finding new ways to steal information and money. The technology industry is slowly moving away from SMS authentication to more reliable sources. Read our blog on Microsoft’s stand on SMS authentication here. Continue to be vigilant and suspicious of links you click on, even in text messages.

Posted by Charles Wright