Get Started Today!  (415) 295-4898

croom new

415 IT Blog

Smishing Isn’t as Funny as It Sounds

Smishing Isn’t as Funny as It Sounds

As serious as they are, cyberattacks aren’t always given the most serious-sounding names. We are, of course, referring to “phishing”: the manipulation of the user, rather than of a computer system, to gain access to data. Phishing can come in many forms, with some—like phishing someone via SMS message—doubling down on the silliness of the name. Let’s examine this variety, and why “smishing” is not something to trifle with.

Phishing + SMS = Smishing

When a cybercriminal utilizes a phishing scam, they aren’t necessarily using any advanced technologies to crack your digital protections. Instead, they’re hacking the user, taking advantage of their target’s assumptions, bad habits, and unawareness to trick them into handing over information or the means to access it. One particularly famous example of a classic phishing scheme is the old “email from persecuted royalty” ruse, known as the Nigerian Prince scam.

How Smishing Works

By sending a message that claims (and may even appear) to come from an authority figure or trusted contact, an attacker can bypass your security by convincing a user to undermine their protections.

Smishing is simply the application of these principles via a text message, rather than through the generally standard email.

Instead of an email or phone call, you could get a text message from a number that claims to be an institution that you do business with, be it a financial institution, a service provider, what have you. More recently, many smishing attacks claim to have come from authority figures trying to share information about the COVID-19 pandemic.

The message might share details that seem to confirm that the sender is who they say they are. This message would then closely resemble a phishing email, but since it isn’t the format that most people expect phishing to come in through, it could easily go unnoticed. Either way, like any phishing attack, the text would try to get you to react without much thought.

Chances are, there will be a link included with the message, prompting you to log in. The problem is the link will direct you to a fraudulent login page which will collect your actual credentials. Some will prompt you to download a document, which (surprise, surprise) is hiding some variety of malware in it.

So, simple as that, an attacker suddenly has access to one of your accounts, or potentially your device itself. Just take a moment and consider how much sensitive data you likely keep on your phone, data that could then be extracted by the hacker.

This, naturally, needs to be avoided.

To prevent this from impacting your business, you and your entire team need to be able to recognize a phishing attempt in any of its forms—even when it comes in via text message.

How to Spot a Smishing Message

Fortunately, once you’re aware of the threat that smishing poses, spotting it is much easier. In fact, if you’re familiar with the basic principles involved in spotting a phishing attack, spotting smishing is very similar:

  • If the sender isn’t familiar, don’t open the message and definitely don’t access any links. Just as is the case with a suspected phishing email, even opening a suspected smishing message is potentially risky. If you do happen to open it, don’t click through any links that will almost certainly be present.
  • Don’t provide any sensitive information without confirming the legitimacy of the message through another means. Let’s say you get a text message from Facebook informing you of an issue with your account, with a link to log in and resolve it. Instead of clicking through the link, check your Facebook through the app or your Internet browser. If someone supposedly sends you a request for a password, call them back to confirm the request first.
  • Block numbers you suspect of phishing. There’s a chance that your mobile device offers the capability to block texts, much like an email client can filter messages. Investigate your phone’s capabilities and apply any settings that may help.

As a final note, you need to make sure your entire organization is keeping security in mind as they go about their workday, and that they know how to identify and respond to any threats they may come across. Of course, applying certain protections across your entire network doesn’t hurt, either.

415 IT is here to assist you and your team with any of your IT needs, from security to productivity to mobility. Learn more about our services by reaching out to us at (415) 295-4898, or by exploring our website!

Knowing Your Technology Means Knowing What to Expe...
The Help Desk Keeps Business Running Smoothly
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, January 19 2021

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://web.415it.com/

Mobile? Grab this Article

QR Code

Tag Cloud

Security Tip of the Week Technology Productivity Business Computing Best Practices Data IT Support Data Backup Network Security Privacy Hosted Solutions Cloud IT Services Efficiency Software Data Recovery Internet Email Managed IT Services Business Mobile Device Phishing Small Business Malware Google Collaboration User Tips Innovation Outsourced IT Hackers Cloud Computing Cybersecurity Tech Term Upgrade Smartphone Business Management Hardware Microsoft Computer Communication Managed Service Mobile Devices Android Business Continuity Workplace Tips Windows 10 VoIp Covid-19 Smartphones Quick Tips Backup Ransomware Disaster Recovery Paperless Office Managed Service Provider Communications Network Remote Work Encryption Browser Passwords Data Management Office 365 Business Technology Server Users Saving Money Wi-Fi Remote Monitoring Managed IT Artificial Intelligence BDR Social Media Help Desk Internet of Things Document Management Save Money Government Windows 7 Healthcare Compliance Vulnerability Holiday Managed IT services Microsoft Office Windows Data Security Automation Applications Blockchain Scam Miscellaneous Facebook Laptops Chrome Bandwidth Tip of the week Vendor Management Gadgets Project Management Wireless Virtualization Avoiding Downtime Mobile Office Information Two-factor Authentication Antivirus Health Redundancy Processor Employer-Employee Relationship Remote Analytics Office Virtual Private Network Information Technology Mobility Machine Learning Employee-Employer Relationship OneDrive Managed Services Training BYOD Website IT Management Apps Company Culture Data Loss Customer Relationship Management RMM Infrastructure Net Neutrality IoT Maintenance Regulations Software as a Service VPN Proactive Meetings Hard Drive Networking Storage Router Files Access Control Employees Electronic Health Records Instant Messaging Remote Computing Consulting Downtime Mobile Security Data Storage Flexibility Professional Services Server Management Word Unified Communications Patch Management Data Breach Recycling Social Network Managed Services Provider Remote Workers Vendor Assessment WiFi Gmail The Internet of Things Cooperation Risk Management Alert Password Money Network Management Consultation Holidays Management Co-Managed IT Tablet Monitoring File Sharing Internet Exlporer File Management Dark Web Augmented Reality Spam Time Management Remote Worker Remote Monitoring and Management Smart Technology Search Financial Computing Operating System Payment Cards HIPAA Utility Computing Bring Your Own Device Unified Threat Management Display Screen Reader Remote Working WPA3 Teamwork Firewall Identity Virtual Machines Servers Lenovo Cybercrime Procurement Cyber security IT Consulting Return on Investment Comparison Licensing Reviews Samsung Options Telephone Modem High-Speed Internet Biometric Technology Tips Tech Support Recovery SharePoint Data Warehousing G Suite IT Assessment Bluetooth Bookmarks ROI Smart Tech Budget Mail Merge Fleet Tracking Shared resources User Error Zero-Day Threat Going Green Distributed Denial of Service Mobile Credit Cards Superfish Cyberattacks Database Management Social Legislation Settings Customer Service Personal Information Specifications End of Support 5G Mobile Device Management Mobile VoIP Development Gamification Digital Payment Hotspot IT Technicians Cost Management CRM Manufacturing Downloads Operations Motherboard Chromebook Digitize Virtual Assistant Favorites Bitcoin Connectivity Address Asset Tracking Backup and Disaster Recovery Batteries Managed IT Service Computers Websites Read Only GDPR Security Cameras MSP Transportation Finance Active Directory Black Friday Migration eWaste Windows Server 2008 Gifts Point of Sale Wireless Internet Tech Terms Big Data Cookies Cables Mouse Language Content Filtering Smart Devices Vulnerabilities Shadow IT Wasting Time Techology Conferencing Current Events CIO applications Human Error Break Fix Managing Stress SaaS Printing Outsource IT Technology Laws Authentication Windows Server Cyber Monday Staff Chatbots Hacker E-Commerce Employer/Employee Relationships Theft Apple Permissions Nanotechnology Wires Disaster Resistance Computing Infrastructure Mirgation Emergency Hard Disk Drives Multi-Factor Security Electronic Medical Records Sensors Microsoft Excel Mobile Computing Outsourcing Touchscreen Hacking Outlook Database Wearable Technology Star Wars Peripheral OneNote Printer Permission Enterprise Content Management IT Notes Laptop Unified Threat Management Authorization User Management Identity Theft Enterprise Resource Planning Optimization Heating/Cooling Features Proactive Maintenance Solid State Drive Google Calendar Fraud App Shortcut Voice over Internet Protocol Proactive IT Politics Projects Alerts Cache Banking Solid State Drives Geography Video Conferencing Trending Travel PCI DSS How To Test Value of Managed Services Virtual Reality Social Networking Business Telephone Statistics PowerPoint Private Cloud Regulation Marketing Twitter Printers Education CEO Students CES Daniel Stevens

Latest Blog

It isn’t often that you’ll hear a managed service provider say something like, “There’s no school like the old school.” In many ways, however, the basic principles of a solid business IT strategy haven’t changed all that much… despite the momentous changes that we’ve witness...

Latest News

We are proud to announce that 415 IT and our CEO, Daniel Stevens, were recently featured by CIO Applications. We discussed how and why we serve our clients, as well as some sneak peeks for our future. Read our interview by visiting:  https:...