As the prevent smishing and SMS fraud grows more secure, spam filters in email programs have become better at identifying suspicious messages. However, the trust people place in text messaging as a form of communication makes it easier for attackers to exploit the medium with SMS phishing scams that pose as companies or service providers. By impersonating trusted brands, smishing scammers can convince people to click on malicious links and divulge sensitive information that could be used for theft.

Whether it is an “urgent” message from the bank, or a warning about missing packages or unauthorized transactions, smishing scammers create a sense of urgency to compel people to take action. Often, the message will request personal or financial information that could be used to steal money, credentials, or data. In one example, cybercriminals posed as the USPS to get victims to pay for a redelivery fee.

What an IP Threat Intelligence Feed Can Reveal About Attackers

People can protect against smishing attacks with individual vigilance and organizational security measures. In addition to educating employees on the dangers of SMS phishing, businesses can deploy brand monitoring tools to scan telecom networks and other sources (including social media and dark web activity) for lookalike domains and phishing pages.

Additionally, individuals can report suspicious text messages to the carrier or to 7726 (SPAM), which is an automated number that forwards messages to wireless carriers for blocking; they can also visit the Federal Trade Commission website to report smishing. Finally, individuals should make sure to update mobile operating system software and apps regularly to ensure they have the latest security patches.

…