Part of cyber safety is recognizing an attack when you see one; so, part of staying safe from smishing is taking some time to look at a smishing example. Recognizing a real-world message as smishing by having seen a similar smishing example before, is a fast path to staying safe. Just like email got more dangerous when phishing became commonplace, text messaging got more dangerous when smishing became a thing.
In this post, we’ll explore what smishing is, and what to look out for to keep your information safe. Feel free to also explore our more detailed post on this topic, where we look at 7 Suspicious Signs of Danger when you are evaluating the safety of a text message.
Phishing is “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.” Smishing, therefore, is the same fraudulent practice with the same attempted goal, but done over text message, or SMS (short message service).
We know that smishing is on the rise for many reasons. Anecdotally, our clients tell us about smishing attacks that they've experienced. Statistically, we know from Google Trends data (searches for Smishing Example) that there is a heightened interested and concern, as well:
Smishing is significantly less common than phishing (for now?), per Google Trends data.
And that's exactly why you should be concerned: most of us are far more attuned to identifying a fraudulent phishing email, than we are to identifying a smishing attack. Now is the time to change that, by looking at smishing examples to help you develop a level of pattern recognition to know when a message seems unsafe.
Simply put—your personal data and information. And further, your company’s data is at risk, as your phone likely stores sensitive company info as well. In many circumstances, smishermen will use the stolen data to make a profit. For example, trying to access your financial accounts by luring you to log in to a fake version of your banking website. Other smishing attacks attempt to get you to disclose confidential information or credentials for non-financial purposes. However, whatever the smisherman is attempting, the most common mechanisms that they will use in their smishing message, are as follows:
Common smishing examples include bank notifications, package updates, act-now coupons and urgent warnings. If you receive any of these from unknown numbers, be suspicious, especially for financial texts. Call your bank or credit card company if you have any doubt.There’s no fancy research we pulled to get these images—I just looked through my phone and asked colleagues to do the same. Here’s what we pulled:
This smishing example masquerades as a package tracking update. Aside from my colleague not being named Emily, this is formatted like most SMS tracking updates, making it all the more dangerous. Here’s a tip: Look at the URL. If it doesn’t look legitimate, don’t take a chance.
Once again—look at the URL. If this was truly a Whole Foods Market event, the URL would have “WholeFoods” in it.
When the subject line is full of random letters, it is a smishing attack. Don’t call these numbers.
Legitimate text messages should be formatted correctly, not looking like an odd email with poor grammar.
“WHZKOKFSGEYKGRURSFOGLRQWQEDMOTILDYDMBTD” isn’t a word. Don’t call that number.
Here's a quick list on what to do if receive a smishing text:
Good luck out there—keep your data and your company information protected from smishing attacks!
If you’d like to learn more about how to protect your company’s data, try Havoc Shield’s free trial.