The mobile high-tech threat: Smishing

Mon Apr 20, 2009 9:55AM EDT

See Comments (123)

What's the best way to disguise a phishing attempt so no one can tell where a request for personal information or a password really came from? Easy: Send it via text message.

"Smishing" is the name being given to the not-entirely-new but growing practice of sending phishing come-ons and scams via SMS message. And spammers are apparently finding it an increasingly easier proposition to text a phishing message to you rather than to email it traditionally.

Why's that? You've probably received hundreds or thousands of phishing emails and immediately saw through the ruse: Images were broken, the "from" address was wrong, words were misspelled, or links in the message were obviously directing you to phony websites. There are dozens of things that phishers have to get right for an email scam to fool anyone, and that's apparently quite difficult to do. Making things even tougher, many of those emails are now blocked by ISPs and spam filters and never make it to their intended targets.

Those problems don't really exist at the SMS level: Very few SMS messages are blocked, and since they are composed entirely of text, no images required, it's often impossible at a glance to determine if a message is real or fake.

One popular smish threatens the user that he is about to be charged for something unless he cancels it, with a message like: "We're confirming you've signed up for our dating service. You will be charged $2/day unless you cancel your order by clicking here: phonysite.com." Of course there are no pending charges, and the site you're directed to is completely fake, its goal being to collect your credit card number (which you will helpfully enter in order to "cancel" the charges), or install a bit of malware on your computer (or even, someday, on your phone).

Smishing messages may instead direct you to call a toll-free number in order to complete or cancel some financial transaction, the only difference being that a human operator will handily take down your credit card or bank account number for you, to save you the trouble of typing it online. Of course, the number you called is phony, too.

What should you do if you receive a message you fear is a smish attack? The answer should be pretty obvious but bears repeating: Virtually no credible financial institution, utility, or other business will communicate with you via SMS with the exception of your cell phone provider. Don't recognize the website or phone number being sent to you? Don't call it. If you're worried about an upcoming charge, contact the service provider or bank directly via means you know are legitimate and ask them directly about the message. They'll likely tell you what you already know: Just ignore it.

Comments on The mobile high-tech threat: Smishing

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 106 Posted by etniesgrrl0320 on Thu Sep 3, 2009 3:56PM EDT Report Abuse

    I think if your child doesn't know they have signed up for a premium text message then they're too young to be texting. Actually, texting is pointless anyways. I'm 19 years old, within the age group of textaholics and yet I would rather talk to someone in person. I hate phones.

  • 107 Posted by ytm40 on Thu Sep 3, 2009 10:58PM EDT Report Abuse

    Thanks to those who left helpful advice on blocking unwanted text messages (especially the Blackberry one). Was nice reading posts that were part of a solution as opposed to ego stroking.

  • 108 Posted by jparkx1 on Thu Sep 3, 2009 4:42PM EDT Report Abuse

    It's not entirely true that no credible financial institutions send texts, I get texts from my bank concerning account balances. You just have to set it up from the bank's site. What I'm curious about is how these phishers gain access to cell phone numbers to send these texts out.

  • 109 Posted by myshirtshack on Thu Sep 3, 2009 7:32PM EDT Report Abuse

    Once cellular technology gets this far along it's pretty much guaranteed that spam will find it... In Germany they fixed the problem easily -- by law. They can send all the texts they want, but THEY pay for it not you. It's totally free to receive texts and calls there, you only pay if you press the 'send' button yourself. I think it's time to address this in the US too -- I know I'm sick of paying for "how are you?" texts sent by someone I don't know who has a wrong phone number...

  • 110 Posted by mindshifthigher on Thu Sep 3, 2009 7:21PM EDT Report Abuse

    I have no use for texting. If I don't get the person I call, I leave a voicemail. When texting became common I started getting wrong number texts. I could delete them, but I was charged for receiving each one. Initially, the people at T-Mobile would tell me the service was necessary in order for me to receive important updates from them. There must have been a lot of other customers like me, who don't want text messaging, because you can now ask customer service to block all texting. I still get phone company texting, but it is free. Thank you T-Mobile for listening.

  • 111 Posted by rockonandpassout on Thu Sep 3, 2009 8:47PM EDT Report Abuse

    Ok, guys. I work for Verizon Wireless. If you are receiving messages from companies, they are probably from a 5 or 6-digit number. These are premium text messages, merely write back the word STOP to the exact number, and you should receive one final message from the company telling you that it has been cancelled. Also, for the mom who is receiving 50 per day, try sending STOP to each number. This should definitely cancel the majority of companies. Now, whenever you're online and it asks for a phone number, either put a fake one, or don't put one at all.

  • 112 Posted by kentnorton on Thu Sep 3, 2009 4:49PM EDT Report Abuse

    STOP WORKS just send it, but dont just blndly open all txt messages. www.twitter.com/cantubury

  • 113 Posted by dafaolta on Thu Sep 3, 2009 3:34PM EDT Report Abuse

    There's a probem with your theory about 'no reputable institution' because Chase bank has a whole TV commercial campaign centered around them texting you when you are about to be overdrawn, for example. I remember being amused by the one spot showing the climbing couple hanging off the side of a mountain discussing it.

  • 114 Posted by valgerdgydhja on Thu Sep 3, 2009 10:31PM EDT Report Abuse

    @ tinkerleah. Why don't you take the address from those e-mails and block further messages from the sender? Hitting the "remove me" doesn't work in e-mails as a rule as that only confirms the spammer now has a legitimate address to send their stuff to.

  • 115 Posted by lyle_gerard on Thu Sep 3, 2009 7:01PM EDT Report Abuse

    It amazes me that people still think that spammers are legitimate . . .

  • 116 Posted by shellyconey on Thu Sep 3, 2009 9:19PM EDT Report Abuse

    Tink, check your cell phone provider because you may be charged a fee for those text msgs! My son did a similar thing, he played a game and they were charging me a monthly fee. At the time I didn't have unlimited text. Each text opened after my monthly quota was a charge! I had to call the 800# and ask them to stop the texts and didn't open anymore of them that I didn't recognize.

  • 117 Posted by margieenicks on Thu Sep 3, 2009 7:06PM EDT Report Abuse

    leave your cell phone turned off except when you need to use it. I have avoided many text mesaages that I would have had to pay for....I don't have that service.dumbo3

  • 118 Posted by lizdiaz69 on Thu Sep 3, 2009 6:54PM EDT Report Abuse

    SIMPLY IGNORING IT, IS NOT THE SOLUTION. ITS MY MONEY, MY PERSONAL INFORMATION. IGNORING IT IS NOT A WAY TO STOP THEM. THE CONSUMER HAS NO RIGHTS???

  • 120 Posted by mikeschentag on Thu Sep 3, 2009 7:20PM EDT Report Abuse

    as a reply to Tinks comment, dont worry they dont have your card number they just got your ip from the site and phished you for your email, thus the spamming. dont worry just keep marking them as junk, eventually your computer will get an update or something and it will update your junk folder and they will just go straight to there.

  • 121 Posted by dynamiccharge on Thu Sep 3, 2009 3:50PM EDT Report Abuse

    ramon461, you advice is very unrealistic when you consider the times we live in. What you just said is like saying "If you don't want to get into a car accident, don't drive a car." Not everyone's world is as simple as yours seems to be.

  • 122 Posted by j_pough on Thu Sep 3, 2009 4:45PM EDT Report Abuse

    People are dumb enough to fall for that? Wow...that's just....wow.

  • 123 Posted by glasschime on Mon May 18, 2009 3:16PM EDT Report Abuse

    "2) If you use a cell phone, block all text messages. 3) Use common sense" GREAT ADVICE. Simple ways to avoid getting spammed: Tell your cell phone provider to BLOCK text messaging. If you do not recognize the number, DO NOT answer the phone. Make sure your voice mail message is the canned version, NOT your own voice. FYI-As of May 1, 2009 cell phone numbers are no longer on the Do Not Call list. This ----- ty policy now means that ANYONE can bother you and YOU have to pay for it. Complain to your cell phone provider, get a prepaid phone. DON'T USE SPRINT. THEY SUCK.

More Posts: First Prev 5 6 7 Next Last

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.