What is SMS Spam and Phishing (Smishing)?
How many random text messages do you receive today, as opposed to a couple of years ago? For most Melbournians, these text messages are much more frequent in 2022.
This SMS increase is because retailers and similar businesses have decided it’s more effective to bypass your crowded email inbox and text you directly! They probably urge you to sign up for SMS alerts for shipment tracking and sale news. The medical industry is doing something similar, with pharmacies sending out refill notices and doctors’ offices texting appointment reminders.
And most of these messages often contain links.
These text messages can make life easier if you’re hunting for a bargain or want to be directly notified when a sale begins. However, retailers and medical practices aren’t the only ones trying to grab your attention with a text message… in fact, cyber criminal groups are utilising this strategy to send out phishing links and catch people unaware.
Phishing by SMS is also known as ‘smishing’, and it’s becoming increasingly frequent… and people are being caught out.
In 2020, smishing rose by a gobsmacking 328%! And then, in the first six months of 2021, it skyrocketed by almost another 700%. So it’s clear that smishing is a growing threat to cyber security, especially for businesses adjusting to a more remote and mobile workforce and navigating the associated data security risks.
How Can I Text Myself?
You might have popped a self-reminder into a messaging app in the past; maybe the bakery down the street is opening next week, or there’s a band playing at the Corner that you really, really want to see.
But the smishing scam involves text messages, whereby you realise that your number has sent the SMS. This scam is increasingly common, and if it hasn’t happened to you yet, it’s just a matter of time. It results in plenty of confusion, which is precisely what scammers want. This confusion makes it more likely that the victim will click a malicious link provided in the message to find out more details.
These cybercriminals have the skills to make it look like the text they sent you is coming directly from your number, utilising VoIP connections and clever ‘spoofing’ software.
If you ever receive a message from yourself, be aware – this is an SMS phishing scam. Do not interact with the message at all, no matter what content it appears to contain. Delete it immediately.
Some carriers offer the option to delete and report scam SMS messages, ideally resulting in the original number being blocked and removed.
Popular Smishing Scams to Watch Out For in Melbourne
Smishing still holds a lot of danger because it’s a relatively new way of scamming. Therefore, people aren’t very aware of it, and users often hold a false sense of security regarding text messages. For example, they expect that only those they’ve given their phone number to will be able to message them!
Unfortunately, that’s not the case. Mobile numbers are obtainable through legitimate means as well as illegitimate methods. For example, advertisers often pay for large lists of valid phone numbers online, and countless data breaches place thousands (even millions) of phone numbers on the dark web.
Did you know that less than 35% of the population knows what smishing is? This perfectly highlights how vulnerable people may be and how unknown the risks are.
It’s also important to remember that phishing email scams are constantly morphing. For example, they have now evolved into SMS scams, which look different and may be harder to detect. In addition, they often have fewer words and are well-written, in contrast to most phishing emails.
Moreover, receivers can’t check if the number is legitimate unless they perform a thorough Google search. Even then, what’s to say that his number isn’t used by Amazon or Australia Post?
Text messages often use shorter URLs, which mask the actual URL that the link will take you to. And if only it were easy to hover over the link on your phone to see the full address. On the other hand, you can do this on a computer with a mouse and cursor.
Understanding what smishing scams are out there is the best way to remain vigilant and prepared.
We all love winning a prize! Even if we can’t remember entering the competition. This scam targeted thousands of Aussies, informing them that they had won a prize from Amazon. It began as an email but also appeared in text message form. In addition, this scam contained a link, which the victim was prompted to click to claim their prize. Easy?
This link took the victim to a form where they were asked to fill out their details, which were then used for many instances of identity theft. Moreover, some scams requested credit card details to cover the costs of shipping their ‘prize’. Subsequently, many people had their money stolen.
Australia Post Delivery Incoming
Don’t you love getting packages? Everyone does! This SMS scam leverages that fact and purports to be from Australia Post. The message usually stated a package was on the way and that the victim should click a link to track the delivery. This scam was particularly effective over 2020 and 2021 in Melbourne, as we all ordered plenty of items online!
Like most smishing scams, the receiver was asked to put in personal information, such as their full name and address, to ‘confirm’ the delivery. Some also asked for credit card details.
Back in 2021, another common smishing scam in Melbourne was the MyGov text message scam. These text messages purported to be from MyGov and informed users that their details were outdated or needed to be entered again. But, of course, being a government portal, they’d require a lot of personal information… the perfect disguise for scammers.
This scam also told victims that if they did not update their information, their MyGov (and therefore Australian Tax Office, Medicare, Centrelink etc.) would be suspended and inaccessible.
Does Your Mobile Phone Have the required security?
These SMS scams are deceitful and can easily infect your mobile with malware. Do you have the required security precautions (mobile antivirus, DNS filtering, etc.)? If you don’t, you will be at risk. Get in touch with us for more information on how to ensure your mobile device’s security is water-tight.
About the author
Yener is the founder and Managing Director of Intuitive IT. Prior to running his own business Yener worked for a number of corporate organisations where he gained invaluable experience and skills, as well as an understanding of how IT can complement and improve business outcomes.