The mobile high-tech threat: Smishing

Mon Apr 20, 2009 9:55AM EDT

See Comments (123)

What's the best way to disguise a phishing attempt so no one can tell where a request for personal information or a password really came from? Easy: Send it via text message.

"Smishing" is the name being given to the not-entirely-new but growing practice of sending phishing come-ons and scams via SMS message. And spammers are apparently finding it an increasingly easier proposition to text a phishing message to you rather than to email it traditionally.

Why's that? You've probably received hundreds or thousands of phishing emails and immediately saw through the ruse: Images were broken, the "from" address was wrong, words were misspelled, or links in the message were obviously directing you to phony websites. There are dozens of things that phishers have to get right for an email scam to fool anyone, and that's apparently quite difficult to do. Making things even tougher, many of those emails are now blocked by ISPs and spam filters and never make it to their intended targets.

Those problems don't really exist at the SMS level: Very few SMS messages are blocked, and since they are composed entirely of text, no images required, it's often impossible at a glance to determine if a message is real or fake.

One popular smish threatens the user that he is about to be charged for something unless he cancels it, with a message like: "We're confirming you've signed up for our dating service. You will be charged $2/day unless you cancel your order by clicking here: phonysite.com." Of course there are no pending charges, and the site you're directed to is completely fake, its goal being to collect your credit card number (which you will helpfully enter in order to "cancel" the charges), or install a bit of malware on your computer (or even, someday, on your phone).

Smishing messages may instead direct you to call a toll-free number in order to complete or cancel some financial transaction, the only difference being that a human operator will handily take down your credit card or bank account number for you, to save you the trouble of typing it online. Of course, the number you called is phony, too.

What should you do if you receive a message you fear is a smish attack? The answer should be pretty obvious but bears repeating: Virtually no credible financial institution, utility, or other business will communicate with you via SMS with the exception of your cell phone provider. Don't recognize the website or phone number being sent to you? Don't call it. If you're worried about an upcoming charge, contact the service provider or bank directly via means you know are legitimate and ask them directly about the message. They'll likely tell you what you already know: Just ignore it.

Comments on The mobile high-tech threat: Smishing

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 46 Posted by thebluarc on Thu Sep 3, 2009 10:03PM EDT Report Abuse

    Kids will not listen to their parents. Solution don't give them cell phones or second the least block all calls that come in from outside the area code. Third block all text messages. Most of the problem solved.

  • 47 Posted by raphaela28 on Thu Sep 3, 2009 8:29PM EDT Report Abuse

    I'm amazed at how many people have NO common sense. Why would ANYBODY key in their credit card number to a company they've never heard of???? Guess that's why in over 40 years I've never been scammed ONCE - because I actually HAVE common sense and a BRAIN!!!

  • 50 Posted by dmanoli on Thu Sep 3, 2009 3:45PM EDT Report Abuse

    As a retired Fraud Investigator. DO NOT reply or open anything you do not recognize. Take control of you childrens' phone and see what they are doing. You control the account. Finally never do any banking or financial transaction where you put in or give out your cell number unless you know who it is. Financial fraud is a self controlling problem. Always remember if it is such a sweet deal, then why doesn't everyone know about it. Also call you local Business Bureau and see if the corporation or company is legitimate. It is your money to keep or lose.

  • 51 Posted by jchik on Thu Sep 3, 2009 4:30PM EDT Report Abuse

    It is hard to believe that there are people still out there that are fooled by these scams. There has been so much media attention on this subject that people must have their heads in the sand not to have been warned about them. I know every person that has my e-mail as well as every website that I have signed up to receive e-mails from. Any others that get through are immediately sent to spam to be deleted. As far as text goes, I only get them from my children and the service provider. If I got any others, I would ignore them. Just keep these warnings coming. Maybe it will finally sink in for these people before they find their bank accounts emptied.

  • 52 Posted by cdbackupsnow on Thu Sep 3, 2009 3:20PM EDT Report Abuse

    Extremely simple solutions: 1) Don't use a cell phone. haha Good one Ramon. Welcome to 2009.

  • 53 Posted by jchik on Thu Sep 3, 2009 4:30PM EDT Report Abuse

    The only text i ever get is from my cellphone service provider. I do, however receive many junk e-mails ranging from trying to sell me various types of insurance to dating services to porn sites. These go directly into spam without ever being open. I also get that garbage from Africa saying I have thousands of dollars coming. I tried to report those without luck so I just spam them too. Then there's the Bank of America e-mail trying to get my acct. info by saying there is a problem. This one is the best because I don't have and never have had a BofA acct. I would love to send this one back and tell these idiots where to stick it but it would never go through so it just goes to spam. People need to be smarter about these things. Too many people are falling for this and the bad guys are winning.

  • 55 Posted by lwolf123 on Thu Sep 3, 2009 7:01PM EDT Report Abuse

    All they need is you Cell phone number, and these scammers can bill you through your Cell phone provider!!! Ever see the 'Test your IQ' web page? At the end, they ask for your cell phone number, and ask for a confirmation number so you can see the results. In very very small print and in a picture easily not noticed is a message that you will be charger 10.00 or 20.00 a month for the 'Service'. The text message is then sent. You key the confirmation code on the phone, and voila, instant 10 bucks a month on your cell phone bill, until you notice it and complain.

  • 57 Posted by liljimy69 on Thu Sep 3, 2009 6:51PM EDT Report Abuse

    for all you people who are saying oh its not entirely true this and that.. What the guy is trying to do is to let all the people who will believe everything they're told that the rule of thumb as of this day is to believe that the companies will not contact you unless you're some kinda text god or hate talking to the nice company reps. if you're smart already then there wasnt any reason to look in this article. plus.. a lot of yahoo news and stories are pretty much common sense if you really thought about it. It's just that a lot of us americans dont always have any common sense.

  • 58 Posted by maximusthedark on Thu Sep 3, 2009 7:12PM EDT Report Abuse

    these kind of people who do such things... the world is better off without them...

  • 59 Posted by bennyandjenny727 on Thu Sep 3, 2009 3:05PM EDT Report Abuse

    my daughter and friends are getting voice mails not text messages..whats up with that? what can that do if you listen to the voice mail?? anyone

  • 60 Posted by katec523 on Thu Sep 3, 2009 4:47PM EDT Report Abuse

    These are so annoying. I have texting turned off my cell phone. However, there is nothing I can do to stop getting SMS messages per the phone company. On top of it I get per message charge. I've called Nextel/Sprint several times wanting to know why I was being charged for text messags when I don't have the service. These don't apply when yu turn text off. This should be illegal. This ranks right up there with junk faxes.

  • 61 Posted by big_jake_roberts on Thu Sep 3, 2009 3:07PM EDT Report Abuse

    You deserve what you get if you fall for things like this. It also shows how much of a ----- . retard you really are.

  • 62 Posted by crazyjayboyblue on Thu Sep 3, 2009 3:30PM EDT Report Abuse

    Texting is so dangerous. I sent a text message to my grandfather once. Three years later, he died!

  • 63 Posted by uche.junior on Thu Sep 3, 2009 10:27PM EDT Report Abuse

    God has given every man a common sense. But many fail 2 apply it wisely. Think b4 u leap. When u get such messages, use your common sense & know its a scam. Thanks. God help us & deliver us from the hands of Evil ones.

  • 65 Posted by mrrpr1313 on Thu Sep 3, 2009 7:28PM EDT Report Abuse

    i been reciving phone numbers on my dell phone and when i calll it bk it says the voi=cemail box is full i findit kinda weird

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.