Part 2, Hikvision Senior Director of Cybersecurity on Examples of Smishing Hacks, Tips to Prevent Becoming a Victim of this Cyberattack
5 Tips to Identify and Protect Against Smishing from Hikvision
In yesterday’s blog, Hikvision’s Davis discussed an increase in smishing—a phishing hack that uses text messages to target vulnerable parties. Today’s blog will cover examples of smishing and five tips to help you avoid becoming a victim of this cyberattack.
A Refresher: What is Smishing?
Smishing combines the term SMS (text messaging) with the word phishing; it is a type of phishing that uses SMS and similar types of text messaging. Despite the name, smishing does not have to be delivered as an SMS text message. Smishing attackers will use any form of text or chat messaging that they can, such as Facebook Messenger, WhatsApp, GroupMe, Discord, Slack, or any other text-based mobile application or service.
Examples of Smishing
A smishing message may look like an alert from a courier service, a notification from a well-known bank or company, or even an announcement about the recipient winning a prize. As mobile numbers are tied to so many online accounts, sometimes the attacker will know the name of the target and include that in the message to add credibility. Below are some smishing examples to help you better understand and identify these types of attacks.
How-To Geek shared a package delivery smishing scam that could become very costly for a victim who is not paying close attention to the fine print. This attack starts with an SMS text message informing the recipient that a FedEx package is waiting for their delivery preference.
When the recipient clicks on the link, they are taken to a fake Amazon website where they are told that if they fill out a short survey, they will be given a chance to receive a “Thank You” gift that is worth at least $100. As you can see in the image below, the web page looks and feels very much like the Amazon website.
How-To Geek explains what happens after the recipient completes the survey and accepts the gift: “The real scam resides in the fine print. By agreeing to pay the small shipping fee, you’re also signing up for a 14-day trial to the company that sells the scammy products. After the trial period, you will be billed $98.95 every month and sent a new supply of whatever item you claimed as a reward.”
Scams are not the only style of smishing. Just like traditional phishing, many smishing attacks are trying to trick the recipient into sharing sensitive information or login credentials.
The image below shows three smishing examples: a fake bank security text, a free data offer that uses the target’s name, and a social engineering attack in Facebook Messenger.
When you click or tap on the smishing link, you may be directed to a page that looks almost exactly like the valid website. As the image below shows, there is little difference between the fake page and the real page.
Five Tips to Identify and Protect Against Smishing
While some smishing attacks are more difficult to identify than a phishing email, there are some things that you can do. Below are five tips from Hikvision to identify and protect against smishing:
- Don’t respond to messages from phone numbers or accounts you are not familiar with.
- Check the phone number or code that sent the message. If it’s not familiar, look it up online and see if there are other reports of spam or smishing coming from that number.
- Often, a “smishing message will come from a ‘5000’ number instead of displaying an actual phone number. This usually indicates the text message was sent via email to the cell phone, and not sent from another cell phone,” shared Intuit.
- If you’re not expecting a message, be very cautious. If you place an order for food delivery and are instantly sent a text message with a link to check the status, it’s likely safe. If you receive a similar text message and did not place an order, be very cautious and log into the app or website directly to verify the order.
- If you’ve become the target of a smishing attack, How-To Geek recommends blocking the number immediately. iPhone and Android users both have access to built-in spam-blocking tools that should help cut down on the number of fake messages.