SharePoint (2003 thru Online): SMiShing - New Scam targets Customers

Tuesday, February 11, 2020

Last week, I made a purchase on Amazon and got an SMS message on my phone. It said, "Please view the invoice of your recent purchase on Amazon". We usually get Amazon notifications through the app and email. It was the first time as an SMS. The link looked suspicious. I did some research and gathered the information below, which is useful to everyone.

SMiShing is the term that many in the security industry are using to describe a social engineering technique that exploits its victims using SMS, or text messaging. Where phishing uses email as the entry point of attack, SMiShing uses text messages as its point of entry.

SMiShing is a new trend and is particularly alarming. Most of us aren't aware of the threat presented in our cell phone's text message inbox, so we tend to trust text messages more than we do emails, even from unknown senders. This raises the probability that we will click on a malicious item sent to us via text. Hackers know this too, and that's why they're using SMiShing attacks at an increasing rate.

What does a SMiShing message look like?

The link will look very authentic and might lead you to submit your information through a form on a fake Amazon site. The person behind the scam will either keep your information to use in other fraudulent acts or sell it on the dark web to other criminals in the market for stolen identities. In many cases, they request credit card information to steal your money.

Identified SMiShing messages

  • FedEx Tracking codes
  • Amazon Invoices
  • Amazon Rewards
  • Costco Rewards
  • Free Rewards / WhatsApp links for Free Rewards
  • Group Messages



Protecting yourself against SMiShing attacks:

  • Watch out for things that are “too good to be true,” like “free” rewards that need your credit card number for some reason.
  • Don’t download and install any software sent to you via a text message or email.
  • Treat "you-must-act-now" messages with great suspicion. This is a warning sign of a social engineering attempt.
  • Banks won't send you texts asking to update your account or confirm your card numbers. If you get a message like this that appears to be coming from your bank, don't click anything. Call your bank directly and report the fraud.
  • Even if you opt in to SMS notifications for your purchases, some of the messages you receive might still be SMiShing. Use the vendor's trusted mobile app or log in through their website to verify your purchases.
  • Look for suspicious numbers such as "5000" numbers. These numbers are tied to email-to-text services, which social engineers use to avoid using their personal phone numbers for the attacks.
  • Look at the source of the text message. For example, if Amazon always texts you a delivery alert from a specific number and a new message arrives in that conversation, that suggests it’s real. However, scammers can fake (spoof) the number a text message is from, just as they can fake caller ID on a phone (known as Vishing).
  • Be alert for anything suspicious. If you receive a delivery alert from a new number—especially if you weren’t expecting a delivery—that alert is potentially suspect. We recommend you avoid opening the links in any potentially dangerous text messages.
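
The checks in the list above, expressed as a small triage function (an added example, not code from the original post). The trusted-domain table, the keyword patterns, the reading of "5000" numbers as a sender prefix, and the sample messages are all assumptions; the comparison of the brand named in the text against the link's host goes slightly beyond the list to cover the fake-site case described earlier.

```python
import re
from urllib.parse import urlparse

# Assumption: domains this user really deals with (constructed, incomplete).
TRUSTED = {"amazon": ["amazon.com"], "fedex": ["fedex.com"], "costco": ["costco.com"]}
URL = re.compile(r"https?://\S+", re.I)
RULES = [  # (reason, pattern) pairs modelled on the checklist; keywords are assumed
    ("urgency", re.compile(r"\b(act now|immediately|urgent|expires today)\b", re.I)),
    ("reward-lure", re.compile(r"\b(free|rewards?|gift|winner|won)\b", re.I)),
    ("account-or-card-request",
     re.compile(r"\b(update|confirm|verify)\b.*\b(account|card)\b", re.I | re.S)),
]

def on_domain(host, domain):
    # Exact match or a true subdomain; "amazon.com.x.example" must not pass.
    return host == domain or host.endswith("." + domain)

def triage_sms(sender, body, known_senders):
    """Return the reasons a text deserves suspicion (empty list = none found)."""
    reasons = []
    if sender.startswith("5000"):  # assumed reading of the page's "5000" numbers
        reasons.append("sender-5000")
    if sender not in known_senders:  # not part of an existing conversation
        reasons.append("new-sender")
    reasons += [name for name, pat in RULES if pat.search(body)]
    hosts = [(urlparse(u).hostname or "").rstrip(".").lower()
             for u in URL.findall(body)]
    for brand, domains in TRUSTED.items():
        # Brand is named in the text but a link points somewhere else.
        if brand in body.lower() and any(
                not any(on_domain(h, d) for d in domains) for h in hosts):
            reasons.append("link-not-" + brand)
    return reasons

# Constructed sample messages; sender IDs and URLs are made up.
KNOWN = {"55501"}
SAMPLES = [
    ("5000", "Please view the invoice of your recent purchase on Amazon "
             "http://amazon.com.invoice-view.example/inv"),
    ("55501", "Amazon: your package was delivered. https://www.amazon.com/orders"),
    ("+15550100", "Costco Rewards: you won a FREE gift! Act now and confirm "
                  "your card at http://costco-rewards.example/claim"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, triage_sms(sender, body, KNOWN))
```

An empty result only means none of these checks fired; as the list notes, a spoofed sender can still land in a trusted conversation.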
