Jump to content

SMS phishing

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Kaltenmeyer (talk | contribs) at 23:39, 27 April 2020 (top: clean up, replaced: often times → often). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

In computing, SMS phishing[1] or smishing[2] is a form of criminal[3][4][5] activity using social engineering techniques. Phishing is the act of attempting to acquire personal information such as passwords and details by masquerading as a trustworthy entity in an electronic communication. Short Message Service (SMS) is the technology used for text messages on cell phones.[6]

SMS phishing uses cell phone text messages to deliver the bait to induce people to divulge their personal information. Smishing attacks typically invite the user to click a link, call a phone number, or contact an email address provided by the attacker via SMS message. The victim is then invited to provide their private data; often, credentials to other websites or services. Furthermore, due to the nature of mobile browsers, URLs may not be fully displayed; this may make it more difficult to identify an illegitimate logon page.[7] As the mobile phone market is now saturated with smartphones which all have fast internet connectivity, a malicious link sent via SMS can yield the same result as it would if sent via email.

Detection

Many of the same defences that apply for phishing also apply here. Smishing messages may come from telephone numbers that are in a strange or unexpected format.[8]

Cases

On March 9, 2012, Rewe issued a fraud alert regarding a large number of scam texts that offered a nonexistent $1000 gift card as bait.[citation needed]

In June 2018, the County of Orange Social Services Agency (SSA) warned residents of a phone/texting scam that attempts to obtain cardholder information of CalWORKs, CalFresh, and General Relief clients throughout California.[9]

References

  1. ^ "Phishing, Smishing, and Vishing: What's the Difference?" (PDF). www.belvoircreditunion.org. August 1, 2008. Archived from the original (PDF) on 2015-04-01.
  2. ^ Vishing and smishing: The rise of social engineering fraud, BBC, Marie Keyworth, 2016-01-01
  3. ^ Protect Yourself from “SMiShing”, Robert Siciliano, Feb 22, 2012
  4. ^ "SMiShing", The free dictionary by Farlex
  5. ^ SMiShing, Forrest Stroud
  6. ^ SMS phishing article at ConsumerAffairs.com
  7. ^ Mishra, Sandhya; Soni, Devpriya (August 2019). "SMS Phishing and Mitigation Approaches". 2019 Twelfth International Conference on Contemporary Computing (IC3). IEEE: 1–5. doi:10.1109/ic3.2019.8844920. ISBN 978-1-7281-3591-5.
  8. ^ "What is Smishing?". Symantec Corporation. Retrieved 18 October 2018.
  9. ^ "County of Orange Social Services Agency warns of SMS text phishing/phone scam | Orange County Breeze". Orange County Breeze. 2018-06-26. Retrieved 2018-08-24.