Hackers continue to find new ways to access people’s financial information and endanger their wealth. Experts warn that it has become more commonplace for even casual hackers to exploit security vulnerabilities and trick unsuspecting victims into revealing personal or financial information.
One common threat is SMS phishing, or smishing, when cybercriminals attempt to dupe the recipient of a phony text message. They may include a malicious link that appears legitimate but is designed to download malware or steal credentials. Given the prevalence of mobile device use, learning how to spot a potentially harmful text message is essential for personal cybersecurity.
A primary reason SMS phishing has become more prevalent is due to the difference in how users interact with text messages compared to email. According to manychat.com, the average open rate for SMS messages is 98% while, on average, email recipients open about 20% of their messages. Because of this, big brands now routinely use text communications to reach consumers, making it easier for hackers to dupe messages. Users also have false confidence in the safety of text messages because they assume that their smartphones are more secure than other devices.
As people have become savvier to the threat of seemingly innocuous links mentioned above, phishers are increasingly shifting to newer forms for SMS phishing, which are designed to trigger a response because they require necessary action by the recipient.
These attacks generally consist of link-free text messages about suspicious bank transfers or other payments and are designed to elicit a “Yes” or “No” reply about a transaction or a “1” to decline future alerts. A “No” response often results in a phone call seconds later from someone impersonating the fraud department at the financial institution.
These imposters ask for personal information to “secure your account” or “verify suspicious activity.” Fraudsters will typically use the information you provide to set up new accounts in your name which are then used to process wire transfers or stolen funds.
An enticing offer from what appears to be a credible retailer for a free product or service can also elicit a quick reply and present an easy way for phishers to manipulate recipients. These types of SMS phishing scams lure victims into providing financial information that can be used for additional and detrimental foul play.
Attackers may impersonate representatives from a trusted company who are helping to resolve an issue, typically with online accounts. More specially, these schemes tend to focus on issues with billing, account access, unusual activity, or a complaint. The recipient may be led to a fake login page and asked to enter credentials or for actual account details to reset a password.
Defense against these attacks is critical. Kaspersky, a global cybersecurity company, offered the following guidance on protecting against these threats and how to respond as a victim:
As always, please reach out to an MAI advisor with any questions or for additional information about protecting your personal and financial information.
Information updated as of 10.10.23
Past performance is no guarantee of future results. This is not a recommendation to buy or sell any security. Any statistics mentioned have been obtained from sources we believed to be reliable, but the accuracy and completeness of the information cannot be guaranteed. Any statement non-factual in nature constitutes only current opinion of this author which is subject to change without notice.