{"id":18265,"date":"2021-04-23T09:06:57","date_gmt":"2021-04-23T13:06:57","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/how-to-protect-from-smishing\/18265\/"},"modified":"2021-09-24T15:39:48","modified_gmt":"2021-09-24T11:39:48","slug":"how-to-protect-from-smishing","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/how-to-protect-from-smishing\/18265\/","title":{"rendered":"Smishing vs phishing \u2014 and how to stay safe"},"content":{"rendered":"

With smishing all the rage, media in the United States<\/a>, Italy<\/a>, and Brazil<\/a> have been cranking out alarming stories about new scams. The German police even issued an official warning<\/a> about one such campaign.<\/p>\n

The phenomenon has raked in massive sums, as evidenced by its search popularity. So, what is smishing?<\/p>\n

\"Rise<\/a>

Rise in search popularity of \u201csmishing\u201d on Google in the past few years<\/p><\/div>\n

What is smishing, and how does it work?<\/h2>\n

Smishing is phishing spread through text (SMS) messages rather than by e-mail; hence the term: smishing = SMS + phishing. Some classifications include phishing over messaging apps as part of smishing, but we consider that a separate category and won\u2019t be discussing it here.<\/p>\n

The goal, as with any other phishing attempt, is to trick recipients into divulging sensitive information, typically their online banking password or bank card information. To do that, scammers send text messages, generally about an invented problem \u2014 a delivery issue, unpaid bill, or blocked account, for example \u2014 that the recipient has to resolve by clicking on a link. After that, things can go one of two ways:<\/p>\n

Scenario 1 infects the victim with malware disguised as a legitimate application but whose actual purpose is to request important information;<\/p>\n

Scenario 2 takes the victim to a Web page disguised as a legitimate website but whose actual purpose is to request important information.<\/p>\n

The choice of scenario really depends on the scammer\u2019s comfort zone \u2014 malware or fake websites. The victim\u2019s outcome is the same either way. Similar scams have resulted in the theft of thousands of dollars<\/a>, euros<\/a>, and pounds<\/a>. Why has SMS phishing become so popular recently, and what makes it more dangerous than typical phishing?<\/p>\n\n

What makes smishing more dangerous than typical phishing<\/h2>\n

Most of us have more or less gotten used to e-mail phishing, and people by and large know how to recognize and avoid it. Text messages are a more unexpected channel for scams, so people are less likely to think a short message will represent a scam.<\/p>\n

Beyond that, although people trust text messages more, texts tend to be less secure than e-mail. Nowadays, every halfway decent e-mail service has an intelligent built-in spam filter. The filters aren\u2019t perfect, but scammers need to keep inventing new moves<\/a> to get past them. Unfortunately, when it comes to flexibility and accuracy, mobile operators\u2019 spam filters leave something to be desired.<\/p>\n

People also typically read their text messages on the go or between other tasks. That, combined with a lowered expectation of danger in text messages, means they tend to look less closely at text messages, making an attack more likely to succeed. In other words, when people get a message, they\u2019re likely to disregard their mental checklist of warning signs and just click through.<\/p>\n

Finally, SMS messages display fewer signs that would help you recognize a scam. When you get an e-mail, you can look at the sender\u2019s address, assess design and layout, and consider how plausible the message is overall \u2014 in short, you can look for standard red flags.<\/p>\n

With texts, even legitimate messages look a lot like one another, with short messages often employing nonstandard language and no design to speak of; and scammers with the technical skills can realistically spoof<\/a> the sender\u2019s info, replacing the sender\u2019s real number with a fake one.<\/p>\n

How to protect yourself from smishing<\/h2>\n

As with traditional phishing, you have strong defenses against smishing.<\/p>\n

Do not click on links or share any of your information in a text thread. As a general rule, the less activity, the better;<\/p>\n

Use two-factor authentication wherever you have the option. That way, even having a stolen password won\u2019t help criminals raid your account. <\/p>\n

Contact your bank immediately if you suspect criminals have gotten access to your account. The bank can freeze your card, change your passwords, and advise you about further steps.<\/p>\n

We\u2019ll close with a few FAQs to clear up any lingering questions.<\/p>\n

Should I respond to fraudulent messages, just to have them remove me from their mailing list?<\/em><\/p>\n

Do not do that. Responding simply confirms that your phone number is active. Unsubscribing can be hard even with legitimate companies; don\u2019t expect a fair deal from people breaking the law.<\/p>\n

What if it\u2019s not smishing but an important message from my bank?<\/em><\/p>\n

If you have any doubts, contact your bank directly. It\u2019s unlikely they sent that message, but speaking of contacting the bank, make sure to get that phone number from an official source, such as its website. Whatever you do, don\u2019t use any contact details from the suspicious text.<\/p>\n

Is there a way to automatically filter out phishing through SMS messages?<\/em><\/p>\n

Of course there is! Many security solutions have long used built-in filters to catch suspicious links in text messages and messaging apps, warn you about them, and make sure you don\u2019t lose money just because you let your guard down for a moment. For example, you\u2019ll benefit from such filters in Kaspersky for Android<\/a>.<\/p>\n\n","protected":false},"excerpt":{"rendered":"

Scammers have gotten good at using SMS messages to get bank card information and online banking passwords.<\/p>\n","protected":false},"author":2548,"featured_media":18268,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1486,9],"tags":[105,2495,1061,426,76,2445,46],"class_list":{"0":"post-18265","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"category-tips","9":"tag-android","10":"tag-international-day-for-universal-access-to-information","11":"tag-ios","12":"tag-mobile-devices","13":"tag-phishing","14":"tag-smishing","15":"tag-sms"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/how-to-protect-from-smishing\/18265\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/how-to-protect-from-smishing\/22783\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/how-to-protect-from-smishing\/9204\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/how-to-protect-from-smishing\/24627\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/how-to-protect-from-smishing\/22655\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/how-to-protect-from-smishing\/21733\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/how-to-protect-from-smishing\/25146\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/how-to-protect-from-smishing\/24467\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/how-to-protect-from-smishing\/30558\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/how-to-protect-from-smishing\/9575\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/how-to-protect-from-smishing\/39491\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/how-to-protect-from-smishing\/16842\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/how-to-protect-from-smishing\/17378\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/how-to-protect-from-smishing\/14776\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/how-to-protect-from-smishing\/26579\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/how-to-protect-from-smishing\/30600\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/how-to-protect-from-smishing\/26957\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/how-to-protect-from-smishing\/23819\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/how-to-protect-from-smishing\/29158\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/how-to-protect-from-smishing\/28956\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/phishing\/","name":"phishing"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/18265","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2548"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=18265"}],"version-history":[{"count":3,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/18265\/revisions"}],"predecessor-version":[{"id":18832,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/18265\/revisions\/18832"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/18268"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=18265"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=18265"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=18265"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}