Insights

SMS Phishing: Identifying Threats & Protecting Your Financial Security

10.31.23

Hackers continue to find new ways to access people’s financial information and endanger their wealth. Experts warn that it has become more commonplace for even casual hackers to exploit security vulnerabilities and trick unsuspecting victims into revealing personal or financial information.

One common threat is SMS phishing, or smishing, when cybercriminals attempt to dupe the recipient of a phony text message. They may include a malicious link that appears legitimate but is designed to download malware or steal credentials. Given the prevalence of mobile device use, learning how to spot a potentially harmful text message is essential for personal cybersecurity.

A primary reason SMS phishing has become more prevalent is due to the difference in how users interact with text messages compared to email. According to manychat.com, the average open rate for SMS messages is 98% while, on average, email recipients open about 20% of their messages. Because of this, big brands now routinely use text communications to reach consumers, making it easier for hackers to dupe messages. Users also have false confidence in the safety of text messages because they assume that their smartphones are more secure than other devices.

As people have become savvier to the threat of seemingly innocuous links mentioned above, phishers are increasingly shifting to newer forms for SMS phishing, which are designed to trigger a response because they require necessary action by the recipient.

Three Common SMS Phishing Schemes

Financial Services Smishing

These attacks generally consist of link-free text messages about suspicious bank transfers or other payments and are designed to elicit a “Yes” or “No” reply about a transaction or a “1” to decline future alerts. A “No” response often results in a phone call seconds later from someone impersonating the fraud department at the financial institution.

These imposters ask for personal information to “secure your account” or “verify suspicious activity.” Fraudsters will typically use the information you provide to set up new accounts in your name which are then used to process wire transfers or stolen funds.

Free Product or Service Smishing

An enticing offer from what appears to be a credible retailer for a free product or service can also elicit a quick reply and present an easy way for phishers to manipulate recipients. These types of SMS phishing scams lure victims into providing financial information that can be used for additional and detrimental foul play.

Customer Service Smishing

Attackers may impersonate representatives from a trusted company who are helping to resolve an issue, typically with online accounts. More specially, these schemes tend to focus on issues with billing, account access, unusual activity, or a complaint. The recipient may be led to a fake login page and asked to enter credentials or for actual account details to reset a password.

How to Protect Yourself

Defense against these attacks is critical. Kaspersky, a global cybersecurity company, offered the following guidance on protecting against these threats and how to respond as a victim:

Preventing Smishing:
  • Do not respond.
  • Slow down if a message is urgent.
  • Call your bank or merchant directly if doubtful.
  • Avoid using any links or contact information in the message.
  • Check the phone number.
  • Never keep credit card numbers saved on your phone.
  • Use multi-factor authentication (MFA).
  • Never provide a password or account recovery code via text.
  • Download an anti-malware app.
  • Report all SMS phishing attempts to designated authorities.
Responding to a Smishing Attack:
  • Report the suspected attack to any institutions that could assist.
  • Freeze your credit to prevent any future or ongoing identity fraud.
  • Change all passwords and account PINs where possible.
  • Monitor finances, credit, and various online accounts for strange login locations and other activities.

As always, please reach out to an MAI advisor with any questions or for additional information about protecting your personal and financial information.


Information updated as of 10.10.23

Past performance is no guarantee of future results. This is not a recommendation to buy or sell any security. Any statistics mentioned have been obtained from sources we believed to be reliable, but the accuracy and completeness of the information cannot be guaranteed. Any statement non-factual in nature constitutes only current opinion of this author which is subject to change without notice.

References:

  • Chickowski, E. (n.d.). What is Smishing? SMS Phishing explained. Retrieved November 17, 2021, from AT&T Cybersecurity
  • Kaspersky. (2021, February 5). Kaspersky. Retrieved November 16, 2021, from www.kaspersky.com
  • Krebs, B. (2021, November 10). Krebs on Security. Retrieved November 17, 2021,  from www.krebsonsecurity.com
  • Sadan, T. (2021, January 29). SMS vs. Email Marketing: Which Channel Wins in 2021? Retrieved November 17, 2021, from Manychat

We look forward to learning about your financial goals.

CONTACT