We have probably all heard about phishing and most of us would be wise enough nowadays not to fall victim to such as attack. Let’s hope you are not still waiting for a cheque from that Nigerian prince.
Today, frauds are far more complex, with cybercriminals employing sophisticated new ways to try and steal our personal information.
Their latest approach appears to be through new so-called ‘smishing’ attacks.
Short for ‘SMS phishing’, a smishing attack occurs when a user is tricked into downloading a virus or piece of malware known as a Trojan horse onto their smartphone or tablet.
Similar to phishing whereby attackers try and steal your personal information by fooling you with a bogus SMS or email, a smishing attack uses a similar approach via your mobile phone.
The most common approach that has been adopted by using password recovery features in an endeavour to break into people’s email accounts. The reason that this approach is most common is because they use information that is freely available such as your mobile number and email address that can be found easily online – just think about your Facebook profile.
Some people document their whole lives on their social media accounts. As well as their email, other information such as their date of birth, children’s name and birthday, where they live, name of their pets, favourite sports team, the year they left school, all of which is information that some may use in passwords for personal emails or even online bank accounts.
Once the fraudsters gain access to your email account, they aim to gain access to other more sensitive information. For example, the hackers may try to make the most of the ‘I forgot my password’ option that often appears on many secure websites.
By clicking on this link and answering some basic identification questions you will be sent a new password or information regarding your old password. By having access to your email account through the smishing attack the hackers could have access to some very private information. Not only that, the hackers can change your private security data to their own personal email addresses or phone numbers.
Another example of a smishing attack sees users receive an SMS which reads something like: “Thank you from signing up to our online dating service. To get started, please visit the link below. Please be aware you will be charged 500 Baht per day if you do not cancel this order”.
While to some, receiving an SMS of this nature means only one thing, other unsuspecting users are perhaps not aware of its purpose. Worried they may suddenly incur hefty charges, they visit the link quoted in the SMS. They are then told download a file which is the trojan horse or malware that is used by hackers to steal personnel data.
A man in the UK recently lost 20,000 in a smishing attack after he received an SMS which appeared to be from his bank. The SMS said that fraudulent activity was suspected of being carried out on his account. The man was then tricked into revealing his password to fraudsters who then started withdrawing money from his account.
In order to ensure you do not become a victim of a smishing attack, you should be as conscious of online security for your smartphone or tablet as you are for your PC or laptop.
As a general rule, never reply to an SMS or email you receive out of the blue that request money, passwords or any other confidential information.
Banks are unlikely to contact you by phone, SMS or email and ask you for your password and you should always be suspicious of any communication which asks you for such information