Hyderabad: As many people conduct banking transactions through phones, financial institutions are the prime target for smishing. Smishers try to create a sense of urgency through th SMS they send in order to trick you into giving up personal information.
These scams can present themselves in many forms like misleading offers for “free” ringtones, sweepstakes offers, or a pressing matter from your bank or financial institution. Some messages say: ‘We’re confirming you’ve signed up for our xyz (food/dating etc) service. You will be charged some money per day unless you cancel your order’.
The McAfee Mobile Threats Report 2018 revealed that there is a rise in mobile banking Trojans being delivered as fake updates or through SMS, primarily to gain access to the victim’s personal information such as user credentials and banking details.
Smishing scams have been around for a decade now, but they are becoming more prevalent as people are getting suspicious about emails. Cyber crooks have access to technology that generates mobile phone numbers based on the area code which could then be plugged into a cell carrier’s given extension to ultimately generate the last four digits of the mobile number. Then, Smishers use online applications such as “mass SMS software” available free of cost on the internet to spread messages infected with malware.
According to Kaspersky Lab, a Russian security and software services company, “Countries like India are developing so fast that, it opens the doors for more cyber attacks. While India’s economy is growing fast, more people are getting access to the internet, large cities have 4G, and Android devices are becoming popular. People need to be educated about antivirus solutions and to be made aware about not falling for smishing attacks.”
Clicking on the links could be harmless, but it could more likely insert malware into your phone or at least alert scammers to the fact that your number is active and worth targeting again. Experts advise that customers call their bank directly to verify the alert instead of clicking any links in suspicious text messages. According to a Norton by Symantec spokesperson, “SMS phishing will use some sort of scare tactic to get a quick reply without giving you much time to think about the action. It could be in the form of a notice from a bank or financial institution, where the phisher requests immediate action or your account will be closed. If you feel your accounts are in danger, look up the company’s customer service phone number online and call them to verify the text.”
SBI, HDFC, ICICI and several other banks have issued several tips to secure financial information. Venkat Krishnapur, McAfee MD, says, “Though netizens are now cautious of unmindfully clicking on a website link, SMS is still considered a more trusted form of communication. Taking advantage of this, sMiShers use text messages to spread malware as the user has no way of verifying the link but to click on it.”
Most smishing attacks are conducted to fill in missing personal information such as your date of birth, pin number, password or any other detail that will help them break into the user’s accounts. Consumers need to watch out for some telltale signs that contain clickbait phrases such as “immediate attention”, “confirm details to continue enjoying the services” or bogus notices requesting the reader to mark the emails as “not spam”. Mr Krishnapur added, Examples of smishing:
(Name of well-known online bank) confirms you have purchased a laptop from (name of well-known computer company). Visit [this URL] if you did not make this online purchase.
“We confirm that you have signed up for our food delivery service. You will be charged Rs 50 a day unless you cancel your order on this URL now: [URL]”.
