The mobile high-tech threat: Smishing

Mon Apr 20, 2009 9:55AM EDT


What's the best way to disguise a phishing attempt so no one can tell where a request for personal information or a password really came from? Easy: Send it via text message.

"Smishing" is the name being given to the not-entirely-new but growing practice of sending phishing come-ons and scams via SMS message. And spammers are apparently finding it increasingly easy to text a phishing message to you rather than send it by traditional email.

Why's that? You've probably received hundreds or thousands of phishing emails and immediately saw through the ruse: Images were broken, the "from" address was wrong, words were misspelled, or links in the message were obviously directing you to phony websites. There are dozens of things that phishers have to get right for an email scam to fool anyone, and that's apparently quite difficult to do. Making things even tougher, many of those emails are now blocked by ISPs and spam filters and never make it to their intended targets.

Those problems don't really exist at the SMS level: Very few SMS messages are blocked, and since they are composed entirely of text, no images required, it's often impossible at a glance to determine if a message is real or fake.

One popular smish threatens the user that he is about to be charged for something unless he cancels it, with a message like: "We're confirming you've signed up for our dating service. You will be charged $2/day unless you cancel your order by clicking here: phonysite.com." Of course there are no pending charges, and the site you're directed to is completely fake, its goal being to collect your credit card number (which you will helpfully enter in order to "cancel" the charges), or install a bit of malware on your computer (or even, someday, on your phone).

Smishing messages may instead direct you to call a toll-free number in order to complete or cancel some financial transaction, the only difference being that a human operator will handily take down your credit card or bank account number for you, to save you the trouble of typing it online. Of course, the number you called is phony, too.

What should you do if you receive a message you fear is a smish attack? The answer should be pretty obvious but bears repeating: Virtually no credible financial institution, utility, or other business will communicate with you via SMS with the exception of your cell phone provider. Don't recognize the website or phone number being sent to you? Don't call it. If you're worried about an upcoming charge, contact the service provider or bank directly via means you know are legitimate and ask them directly about the message. They'll likely tell you what you already know: Just ignore it.

Comments on The mobile high-tech threat: Smishing


  • 6 Posted by cheese.machine on Thu Sep 3, 2009 3:22PM EDT

    The claim that no credible institution would communicate with you via text is not true. Chase allows you the option to have a confirmation sent to you via text when you wish to have a password reset with your online account. Thought you should know. The difference is that the text comes within a minute of you requesting it.

  • 7 Posted by alice_lewin2000 on Thu Sep 3, 2009 2:50PM EDT

    What if I received a spam SMS on my cell from someone I know who says they didn't send it? It was some Acai berry weight loss thing over the Yahoo IM on my cell phone from one of my contacts.

  • 8 Posted by irad6 on Thu Sep 3, 2009 4:24PM EDT

    I know Chase Credit Card texts you if they think some transactions are phony and requires you to text back or call to confirm. This happened a second after I bought a bus ticket online so I know it wasn't phony ----"Virtually no credible financial institution, utility, or other business will communicate with you via SMS with the exception of your cell phone provider."

  • 9 Posted by mystical_knight17 on Thu Sep 3, 2009 7:32PM EDT

    "Don't use a cell phone." Lol....shouldn't use a computer too while you're at it.

  • 10 Posted by rockford3333 on Thu Sep 3, 2009 8:47PM EDT

    How did I know from the headline on Yahoo it would be Null... more imaginary problems from a lonely moron who opens all his e-mail hoping beyond hope that this time it will be a real person that wants to be his friend.

  • 11 Posted by ryboards on Thu Sep 3, 2009 8:57PM EDT

    It is sad that there even needs to be an article explaining this to people.

  • 12 Posted by rockford3333 on Thu Sep 3, 2009 8:47PM EDT

    Just out of curiosity, Chris, how many of these scams did you fall for before you thought to write a column warning the sensible people not to do what they already don't?

  • 13 Posted by jessi_boggs_15 on Thu Sep 3, 2009 4:33PM EDT

    Ok, seriously....? Don't use a cell phone because someone may try to get your information? Block Texts?! That's nuts! Just don't be an idiot!

  • 15 Posted by ishistory on Thu Sep 3, 2009 4:25PM EDT

    Or even easier, don't have the text message function added to your services :)

  • 16 Posted by evilben99 on Thu Sep 3, 2009 3:56PM EDT

    No one is using the phrase "Smish." This article is idiotic. I hate Chris Null with every fiber of my being.

  • 17 Posted by tariq332004 on Thu Sep 3, 2009 9:56PM EDT

    Best solution is that... you don't get messaging service on your phone. Honestly it's the best way to save yourself :) shah

  • 18 Posted by patriciafraker on Thu Sep 3, 2009 8:01PM EDT

    I canceled the text option of my cell phone. That was the only way I could get off the spam lists. Living without texting is fine.

  • 19 Posted by anibeth698 on Thu Sep 3, 2009 2:55PM EDT

    I don't respond to phishing. I simply send it back to the original sender. That is called... reversed smishing! Simply smashing that it is.

  • 20 Posted by monko12105 on Thu Sep 3, 2009 7:25PM EDT

    Response to Ramon: To not use a cell phone is to be stuck in the past. Also, all you have to do to respond to this is not reply to texts that say you signed up for something that you didn't.

  • 21 Posted by singularity_is_bliss on Thu Sep 3, 2009 9:23PM EDT

    @ramon461: If you're so worried about credit card security you would not own a cell phone in order to avoid a minuscule chance of having your card number stolen, why bother owning a credit card at all?

  • 22 Posted by foreversmiles31331 on Thu Sep 3, 2009 4:01PM EDT

    2 things- either get a new email account, or spend about 5 minutes going into the messages, and at the bottom use the "unsubscribe" link for at least a few of the messages.

  • 23 Posted by nica1110 on Thu Sep 3, 2009 7:37PM EDT

    Unfortunately a lot of legitimate companies are creating mobile marketing campaigns nowadays. Beware!

  • 24 Posted by huyitsfong on Thu Sep 3, 2009 4:21PM EDT

    "Virtually no credible financial institution, utility, or other business will communicate with you via SMS with the exception of your cell phone provider." Not exactly true. I've had some unpaid bills and a certain company constantly called me to get the money (Which I did eventually pay). They not only called and left messages on my home, cell, and even called my relatives in another state, but they also texted me to give them a call at their office number.

  • 25 Posted by punkrock1711 on Thu Sep 3, 2009 8:22PM EDT

    Thanks for putting the word out there. The more views this gets, the more the mass will be informed.
