For several years now, the increase in frauds has been impressive. Whether it’s to get money or to collect data, all reasons are good. In this context, a phenomenon is becoming more and more widespread: the smishing. But what is it, how does it work and what can you do to protect yourself? Let’s take a look at the issue.
What is smishing?
Smishing is a term created from the contraction of “SMS” and “phishing”. It is a fraud technique that consists in the extraction of personal and confidential data through text messages. Or, by extension, via a mobile terminal (GSM, smartphone…) In this case, criminals will rely on human failings rather than their ability to hijack computer security.
How does smishing work?
Smishing is a variant of phishing that aims to manipulate users into providing sensitive information. To do this, the criminal will pretend to be a recognized entity. Using various social engineering techniques, the criminal will influence the user’s decision-making process to achieve his goals.
What are the types of smishing?
There are three main types of smishing: login or payment method, malware installation and device theft or loss.
1. Login or payment method
In this case, criminals will contact you through a traditional SMS (or other) message. In it, there will be a link which allows you to validate an account or to provide your banking details for a tax reimbursement for example. When you follow the link, you are redirected to a screen site. This looks usually very similar to the official one. And it is when you enter your log in data that you allow criminals to have access to your credentials or credit card information.
2. Malware installation
This time, you receive a classic SMS (or other) message inviting you to click on a link, to track a package for example. To be able to track it, you are invited to download and install an application. Of course, it is not a good idea because it is in fact a virus (malware) and you have been victim of smishing. By doing that, you allow criminals to access to all your data on your phone.
3. Device theft or loss
It is also possible to steal your data if you lose your smartphone. After your loss, you receive a message on the recovery number you entered. You are asked to follow a link to locate your phone so you can find it back. On the site in question, again looking like the official one, you can enter your login data… and it is the action giving criminals access to your stolen device. And let them resell it easily.
So what to do?
Today, the number of smishing attempts is increasing. According to safeonweb.be, not only attempts, but also victims. And the trend is not reversing.
Fortunately, there are solutions to deal with this:
On a legal level
In December 2021, a law was introduced (by the government and BIPT). This requires all operators and players in the SMS environment to have a policy and a filtering system to protect end users and all their traffic from smishing among other frauds. All stakeholders have until the end of June 2023 to comply with this law.
Since 2018, we have implemented an anti-phishing solution. Based on artificial intelligence, this system allows an encrypted reading of messages to perform an initial sorting of SMS and block or report suspicious messages. This allows us to quickly inform the affected customer so that they can follow up on their traffic.
Be careful and use your common sense.
- Never respond to SMS messages from people you don’t know or from short numbers of which you do not know the source
- Check the sources of SMS containing links. And only click on links when you are sure of their origin.
- Never give out sensitive information via SMS and do not store your bank details on your smartphone.
No matter what we do, there will always be criminals trying to scam us. And no matter what the channel. At RingRing, we do everything we can to help you communicate with your customers in the most secure way possible. Contact us to start automating your communications.