Extract from BIA’s article “Smishing Attacks: How to Recognize and Avoid Them”
What is smishing?
Smishing is an attack vector that utilizes text messages (SMS) to deceive those targeted and convince them to provide information such as login credentials, financial account data, or sensitive personal details. The number of smishing attacks is on the rise, with some analysts attributing its growth in popularity to the increase in the number of those working remotely and relying more on their personal devices for communication. According to the FBI Internet Crime Complaint Center’s (IC3) Internet Crime Report for 2020, the combined total for reported losses attributed to the related social engineering attack vectors of smishing, vishing, phishing, and pharming exceeded $54 million for the year.
| Smishing | Cyberattack via SMS |
| Vishing | Cyberattack via Voicemail |
| Phishing | Cyberattack via Email |
| Pharming | Cyberattack via redirection of web traffic from a legitimate site to a fake one. |
To avoid falling victim to smishing and similar attacks, you first need to know how to recognize them.
What do smishing attacks look like?
Smishing texts frequently indicate that transfers of bank funds occurred or that some pending account activities require authorization to be processed. These messages may include fake authorization codes to be used to complete the transactions. Recipients are often instructed to click on links provided in the texts if they did not authorize the transfers or other activities. Clicking these links takes victims to malicious “pharming” sites where their personal information and account credentials will be required for whatever actions are necessary. In similar attacks, malicious texts also target cryptocurrency holders and may warn of suspicious account activities requiring their authorization.
