It's important to be vigilant and cautious when receiving text messages from unknown or unexpected sources.
Phishing is undoubtedly one of the most popular ways for cybercriminals to start a malicious attack, whether they're looking to steal someone’s identity or distribute malware. Since the emergence of phishing, this attack vector has only been growing — and it doesn’t look like it's going away any time soon.
The Anti-Phishing Working Group (of which Avast is a member) is a non-profit organization that has been helping in the fight against phishing since 2003. In its latest quarterly report, the group affirmed that it has been “the worst quarter for phishing that APWG has ever observed”.
Today, I’d like to talk about a kind of phishing that isn’t as frequently mentioned, despite the fact that it has gained a lot of popularity among cybercriminals in the last few years: Smishing.
Smishing, or phishing via SMS, is a popular tactic among cybercriminals because it takes advantage of the widespread use of text messaging as well as the sense of trust that people have in text messages coming from trusted sources, such as banks or government agencies. Furthermore, SMS have a higher open rate compared to emails, making it more likely that the victims will see and respond to the smishing message.
The tactics used in these messages are similar to email scams. Text messages often create a sense of urgency and strive to be perceived as time sensitive, which can increase the likelihood of a victim taking immediate action without thinking twice. When paired with their high open rates (some marketing studies put SMS open rates as high as 98%), it clearly explains why this attack vector is attractive for bad actors.
Another advantage for cybercriminals is that most spam filters have been created to detect and block phishing emails, not text messages. An additional benefit for cybercriminals is that SMS are opened on mobile devices, which although they’re often considered safer by users, the number of mobile devices protected by antivirus software is much lower than that of personal computers (on which people are more aware of the risks that come along with not being protected).
Reading through real-life examples of cyberattacks is ultimately the best way to begin recognizing smishing messages. Here are a few of the most common smishing attacks; however, never underestimate the lengths to which cybercriminals will go.
It's important for individuals to be vigilant and cautious when receiving text messages from unknown or unexpected sources, especially if they contain links or request sensitive information. Never click on links or provide personal information in response to a text message that you receive without verifying the identity of the sender first. It's also critical to have protection installed on your phone, so even if you click on a malicious link, you can remain protected.
The promise of a free movie download led thousands of people into unintended malware.
Avast recently discovered a series of malicious browser extensions on the Chrome Web Store that are spreading adware and hijacked search results.