In the world of cyber security, smishing is one of those words you tend to look at and think it’s a typo. But as scammers get more and more advanced, so do their methods and, believe it or not, smishing is one of them.
The word itself is a combination of SMS and phishing – as a smishing attack is a type of phishing message that is sent to your phone via SMS, or these days, through WhatsApp.
A phishing attack is a form of social engineering attack, where a cybercriminal sends a fraudulent message designed to trick the recipient into clicking on a malicious link or download. Often these attacks are designed to find out sensitive or private information, varying from bank details to passwords and login credentials.
When sent directly to your phone, these phishing-turned-smishing attacks tend to try and go down a more personal route, using the pretence that by having your phone number, they are someone you know, rather than a total stranger.
The family impersonation scam
In this smishing attack, the cybercriminal will pose as someone you know, normally a son or daughter, and claim they have been forced to get a new number as their phone was lost or damaged.
This will then be followed by a request of money, with the “child” claiming they need money to pay for their phone insurance, for an overdue bill or any other spontaneous payment that the fraudster believes they can get away with.
Using a combination of emotive language to make the victim believe the messages are coming from their son or daughter, the cybercriminal will get them to either transfer money to their account or, more commonly – to reduce the risk of new bank details raising suspicion – ask them to directly pay an invoice or bill for them.
Following some back and forth, the lucky ones will realise that the messages are not coming from their child, but the unlucky few will fall for this smishing scam and in some cases can end up losing thousands of pounds.
How to recognise and avoid these scams
If you receive a message from an unknown number, you should always try and verify the identity of the sender before you agree to any of their requests. If they claim to be someone you know, like a child or close relative, then advice states you should call the number you already have for this person.
After this, in cases where you’re unable to get through and verify the details but still have suspicions, ask yourself whether the messages sound like the person they’re claiming to be. Look at their spelling, tone and language used and compare it to previous messages you have exchanged with them. You can also ask them a question that only your family member would know, to further test their identity.
There may be cases when even after all these tests you are still unsure about whether the sender is who they say they are, but at the same time still worried in case they are telling the truth. If this happens to you – don’t panic. The safest thing to do is wait until you can verify their details. Never send anyone money if you’re not entirely confident you know who they are and always try to act with caution.
Reporting scam messages and asking for help
If you receive a message like this from someone you don’t know, the safest thing to do is immediately report the message. On platforms like WhatsApp, messages from people not in your contacts should be immediately flagged and give you the option to block or report the sender. If the message is sent via text, then you can report it by forwarding to 7726.
If you are still worried about falling for smishing attacks like these, other phishing attacks, or any other type of cyber-attack, then you might be the perfect candidate for cyber security awareness training.
At Boxphish, we provide training to organisations to help educate and inform our users on the variety of threats available, training them to be the first line of defence against cybercrime and recognise attacks before it’s too late.
To find out more about Boxphish and how we might be able to help you, book a demo with us today.