The mobile high-tech threat: Smishing

Mon Apr 20, 2009 9:55AM EDT

See Comments (123)

What's the best way to disguise a phishing attempt so no one can tell where a request for personal information or a password really came from? Easy: Send it via text message.

"Smishing" is the name being given to the not-entirely-new but growing practice of sending phishing come-ons and scams via SMS message. And spammers are apparently finding it an increasingly easier proposition to text a phishing message to you rather than to email it traditionally.

Why's that? You've probably received hundreds or thousands of phishing emails and immediately saw through the ruse: Images were broken, the "from" address was wrong, words were misspelled, or links in the message were obviously directing you to phony websites. There are dozens of things that phishers have to get right for an email scam to fool anyone, and that's apparently quite difficult to do. Making things even tougher, many of those emails are now blocked by ISPs and spam filters and never make it to their intended targets.

Those problems don't really exist at the SMS level: Very few SMS messages are blocked, and since they are composed entirely of text, no images required, it's often impossible at a glance to determine if a message is real or fake.

One popular smish threatens the user that he is about to be charged for something unless he cancels it, with a message like: "We're confirming you've signed up for our dating service. You will be charged $2/day unless you cancel your order by clicking here: phonysite.com." Of course there are no pending charges, and the site you're directed to is completely fake, its goal being to collect your credit card number (which you will helpfully enter in order to "cancel" the charges), or install a bit of malware on your computer (or even, someday, on your phone).

Smishing messages may instead direct you to call a toll-free number in order to complete or cancel some financial transaction, the only difference being that a human operator will handily take down your credit card or bank account number for you, to save you the trouble of typing it online. Of course, the number you called is phony, too.

What should you do if you receive a message you fear is a smish attack? The answer should be pretty obvious but bears repeating: Virtually no credible financial institution, utility, or other business will communicate with you via SMS with the exception of your cell phone provider. Don't recognize the website or phone number being sent to you? Don't call it. If you're worried about an upcoming charge, contact the service provider or bank directly via means you know are legitimate and ask them directly about the message. They'll likely tell you what you already know: Just ignore it.

Comments on The mobile high-tech threat: Smishing

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 67 Posted by freeporter2006 on Thu Sep 3, 2009 4:03PM EDT Report Abuse

    Simple. If the message doesn't come from a contact that I know, I immediately delete it. If I don't know you, then you can call me. :)

  • 68 Posted by uche.junior on Thu Sep 3, 2009 10:27PM EDT Report Abuse

    Please, all should take note, am a Nigerian, & a lot of scams are going on. Mails like you have won a lottery of a huge amount of money should quickly be reported as spam messages or ignored. Be wise.

  • 69 Posted by jh1205us on Thu Sep 3, 2009 4:34PM EDT Report Abuse

    Yeah ramon461, that's good logic. Maybe you should throw away your computer too because you receive spam...

  • 70 Posted by mandymmartin on Thu Sep 3, 2009 7:05PM EDT Report Abuse

    I happen to work in a fraud department of a major bank. We get calls for phishing and now smishing on a daily basis. Usually a customer will call us after they have called this "fake" number and given all their debit and or credit card info. It is correct that no financial institution would ever do such a practice. Especially because most of these #'s ask for experation date and cvv code as well. Customers who do wait to call usually see atm withdrawls in very odd $ amounts within hours. People are literally waiting for that information and cards are duplicated on site and taken to atm's in countries none of us have ever normally been to. AFter that may have occured it can be 10 business days (or more if you dont sign proper paperwork) before you get that money back. Be careful and if ever in doubt simply call you bank. We have seen it all and usually know the current scams going around.

  • 72 Posted by bbptown77 on Thu Sep 3, 2009 3:03PM EDT Report Abuse

    I only use my phone to make and receive phone calls and I never answer the phone when it rings anyway so this is of no concern. If I get an email and I don't know who it is I delete it.

  • 73 Posted by woodsmo41 on Thu Sep 3, 2009 10:49PM EDT Report Abuse

    here's another one you want to look out for on the mobile phone sbj;ALERT)dear NCUA member your account with us is closed due to unusual activty, call us at 1773256387. DON"T I REPEAT DON"T CALL THEM ERASE THIS MESSAGE

  • 75 Posted by tradecci on Thu Sep 3, 2009 10:19PM EDT Report Abuse

    "Virtually no credible financial institution, utility, or other business will communicate with you via SMS with the exception of your cell phone provider"- WRONG. In Europe in some cities this is how you pay for your groceries,gasoline or parking in the city.your phone is same as debit card.so you can hit the city without that fat wallet of yours,especially if you want to spend the day on the beach.100%secure.code protected.Much safer that using your bank card.p.s.dont get me wrong,here also there are some things that work better then in Europe.

  • 76 Posted by bvdaniel2002 on Thu Sep 3, 2009 3:15PM EDT Report Abuse

    Who is allowing these mails to spread? Can't you stop them by removing their sites / take action? For doing all these, there should be a Bank A/c right? why we cant check the A/c. Regarding Credit cards, pls.dont allow any overseas payment over the Net except autherized letter Thanks Dan

  • 77 Posted by jjjjkwet1 on Thu Sep 3, 2009 4:35PM EDT Report Abuse

    to all those people on here saying this is stupid and not happening or duh just dont call! I recieved a few calls and texts on my cell phone about an extended warrenty for my vehicle.which actually up for renewal ! I called them back because the # was very close to the actual # for the service dept on my bills! The only time I realized it was false was when an actual person answered and while we were discussing everything they asked for my vehicle information!they asked me to tell them the make and model and such and I said well wouldnt you have that info if you are calling me about a warrenty?and they asked for my personal info so they could look it up !thank god i hung up before giving them my info!!!

  • 78 Posted by czaler12 on Thu Sep 3, 2009 3:33PM EDT Report Abuse

    The reason that people receive text and phone calls from others that they dont know is because the government and businesses sell your private information to terrorist overseas. They sell your name,ssn, address,DOB, income, credit reports, and your birth records to people overseas. That is why people cant find jobs without good credit. I used to work for a company that did that but when i worked there i did not know what was going on. The problem is not just some companies but every company is doing it. You people are too STUPID to figure out how id theft happens.

  • 79 Posted by jimster621 on Thu Sep 3, 2009 4:35PM EDT Report Abuse

    Wow!!!!!!!!!! I never Thought of that!!!!!!!!!!!!!!!!!!!!!

  • 80 Posted by lm_vance81 on Thu Sep 3, 2009 6:55PM EDT Report Abuse

    I got a couple of txt messages on my cell (BTW_ I can't send txts... not an option on my phone) saying to call this number... it's extremely important. As soon as they pick up on the other end, they start asking for my credit card number and pin number for that card. ya right... must be a lot of people out there that actually fall for that crap.

  • 81 Posted by craigtrout1 on Thu Sep 3, 2009 3:30PM EDT Report Abuse

    People who give out CC info SS info over the phone are IDOTS plain and simple. Hello Mcfly!

  • 83 Posted by cjc1127 on Thu Sep 3, 2009 3:26PM EDT Report Abuse

    It can also be helpful to keep a list of spam email/phone/texts, and if you blog, keep a roll of them public. The more we expose cons, the less effective they can be. Thieves don't like to work very hard. They prefer to sit still and collect the profit. Forcing them to work can make them look for a new job, or make their current one much harder.

  • 84 Posted by jessicas2322 on Thu Sep 3, 2009 4:33PM EDT Report Abuse

    Keep in mind that usually the "credible financial institutions" that will txt you are doing so because you have your cell # on file with them and have given them permission. I receieve txts from Chase, Charter (cable and internet), and USAA (car loan and insurance) all through my cell to remind me when bills are due or that my auto payment was made. However, if I were to receive a message and it was not from a company I knew... I would just ignore it (like many of you have said).

  • 85 Posted by ccreinehr@att.net on Thu Sep 3, 2009 3:20PM EDT Report Abuse

    People that get caught up in this type of scam (or others for that matter) deserve to have their money stolen. Giving someone your credit card informtion in this manner is completely foolish. The fact that these scams work really gives me a dim view of the average intelligence of the American citizen!

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.