Why You Can’t Always Trust Text Messages

We aren’t shy in terms of talking about phishing, its dangers, and what can be done to prevent it. However, it can be too easy to focus directly on email phishing and exclude the many other forms that phishing can and often does take.

Take, for instance, smishing.

Smishing is Phishing, Carried Out Through SMS

When all is said and done, phishing is just a form of scam where an attacker poses as someone they’re not as they communicate with their intended target, fooling them into handing over access to the resources the attacker is seeking out. Phishing comes in various forms: coming in through the emails that are so often the default example, voicemail messages known as “vishing” scams, and even through SMS text messages, a process that has been coined as smishing.

Aside from the format of the message, a smishing attack plays out similarly to any other phishing attack:

  • An attacker communicates with someone within a business, gaining their trust or inspiring fear by posing as someone else.
  • The attacker provides a link, allegedly solving the issue at hand, or requests that the target provide them with sensitive information
  • The target obliges, giving the attacker exactly what they want, whether that’s sensitive information or access to it.

The only real difference is the fact that smishing is spread via text message. That’s really the entire difference. However, the unexpected aspect of a text-based phishing attack helps make these efforts more effective. How often do you hear the term “phishing” and think about the text messages you receive on your phone?

If you’re like most people, not very often.

How to Tell a Text is a Phishing Message

Fortunately, spotting a phishing text is very similar to spotting a phishing email—again, the real challenge is keeping the possibility of text-based phishing in mind. However, if you can manage to do that, there are a few warning signs to keep an eye out for… some of which are quite similar to what you’d see in any kind of phishing attack:

Questionable URLs. As you should with any unsolicited message containing a URL, you should pause before clicking through any link you receive in a text message… and this is especially true of any that you didn’t have reason to expect coming in.

Outsized promises or scare tactics. Like many phishing attacks, smishing tactics largely revolve around getting the target to act without thinking. Watch out for messages that try to frighten you into immediate action or make unrealistic promises.

Excessive familiarity. While many businesses that utilize text messaging as a communication tool will take a more casual tone, there is certainly such a thing as too casual. Keep an eye out for messages that are too familiar for a business.

How to Avoid Smishing

Just as with more traditional phishing, the best advice is not to interact with the text message at all. Don’t click any links or send any information. If you don’t recognize the number, don’t respond without confirming its legitimacy.

Phishing of all kinds is a real issue for today’s businesses, which makes it all the more critical that your business is ready to handle it. Reach out to us to find out what we can do to help protect your business from the impacts of phishing. Call (610) 683-6883 today.

August 4, 2023
Shawn Kramer