Smishing Scams – Serious Fraud with a Silly Name!

Smishing attacks aim to gain access to your private information by using SMSs to target victims. Smishing is becoming an emerging threat that continues to grow over the years. Why? Because mobile banking is becoming more and more commonly used these days.

Here’s how smishing attacks work:

- You will receive an SMS that seems legitimately from a popular bank or organisation asking you to contact them on a number or click on a link.

- Once you contact them or click the link you will be asked to give out your personal information such as your account number, password or PIN.

- The scammers now have access to your accounts, etc. and can do with them what they wish.

In this day and age, people use their smartphones for basically everything, including online banking. There is a lot of private information at risk if your phone is exposed to a scammer.

Here’s how to identify a smishing scam:

- You are SMSed and asked to confirm your private details such as your bank account number, PIN or password. A legitimate bank will never ask for this over an SMS. The best thing to do is call your bank or the organisation directly to double-check the SMS is actually from them and the information is not fake.

- There is a sense of urgency such as if you do not confirm your account your bank account will be closed or you will receive an SMS with a link that you need to click on in order to make an urgent outstanding payment.

- The SMSs are usually from a strange, unknown, toll-free number and the grammar is usually bad or doesn’t make sense.

- Always remember that your bank will never ask for your private details over the phone!

It only takes one bad SMS to compromise your overall security! Use a little common sense and caution to ensure that you don’t become the next victim of smishing.

Contact our OSINT (Open-Source Intelligence) Department on 021 110 0422 or email contact@osint.co.za to learn more about smishing as well as our other services. 

What do you know about SMS & Mobile Phone Phishing?

Because there has been a rise of mobile phone messaging services such as WhatsApp and Facebook messenger, cybercriminals now have a new way to attack users!

SMS phishing or SMiShing works in the same way as email phishing – the victim is sent a fake offer or warning that appears to be from a legitimate company or organization. The message usually contains a malicious link that the victim is persuaded into clicking.

A SMiShing message is often short and to the point with the aim of shocking or scaring a user into clicking the link without thinking twice. A common method is when cybercriminals pretend to be from a bank, warning the victim that their account has been closed, disabled or compromised.

Because the fraudulent message is received via SMS or private message, it can be difficult to realise the message is fake. Why? Because these messages do not contain warning signs of a scam such as the senders email address. Without knowing the SMS is fraudulent, the victim will click on the link willingly and hand over their private information and/or passwords to the cyber attackers.

Here are some helpful tips on preventing SMiShing:

1. Do not click on unknown SMSs or private messages hat contain links!
2. Never reply or give out your personal information if you receive an SMS asking you to
3. If the SMS asks for a quick/urgent reply this is a sign of SMiShing
4. An SMS states “Congratulations, you have won”, etc. this is another sign of SMiShing
5. Should you receive an SMS from your bank, always call your banks customer service line first to double check that it is legitimate

Trust your instincts – if the SMS doesn’t seem right, do not click on it!

TCG Forensics offers a range of cellular and digital forensics services. Should you need the assistance of an expert forensic investigator please do not hesitate to give us a call on 021 110 0422 or email contact@tcgforensics.co.za

How to protect yourself against SMS Phishing Attacks (SMiShing)

Everyday scammers are coming up with new ways to target people and trick them into parting with their money. Nothing digital is safe anymore – social media networks, emails and now even SMSs.

SMS phishing, otherwise known as SMiShing, are phishing scams that are sent out on SMSs!

Here are some helpful tips on how to spot a SMiShing scam SMS…

Always double check SMSs from your bank. If your bank does send you SMSs, then be sure to find out what number they use so if you receive an SMS you can compare it and find out if it’s legitimate. If you do now know the number, call your bank’s customer service number just to be sure.

Be wary of suspicious-looking numbers & links. Scammers are likely to mask their identities so they will use a variety and different phone numbers as well as unusual links in SMS scams – if you receive any SMSs from strange numbers that you do not recognise always double check with whoever sent it and NEVER link on a link you do not recognise.

Report threats. Should you ever receive regular SMS scams, any threatening or potentially dangerous SMSs always report it to the local authorities, cybercrime centre/website or get in touch with a professional digital or mobile forensics expert from www.tcgforensics.co.za in South Africa – call 021 110 0422 or email contact@tcgforensics.co.za

Always stay vigilant and be aware of the common techniques that SMS scammers use when they’re SMiShing – this will go a long way when it comes to keeping yourself and your money safe!