You’ve probably already run into Smishing



Smishing is an uncommon word, but it makes perfect sense when broken down into its two components – SMS Phishing.

As the name implies, these are text messages carrying a seemingly innocent request: they inform you of an upcoming payment, a missed payment or an interruption in a particular service or product, and ask you to simply click on a link to verify some account details.

However, as soon as this link is clicked, malware can be automatically installed on the user’s phone, stealing sensitive data and then texting itself to emails and other contacts stored on the device.

A recent incident of Smishing targeted Japanese Android devices, which received a text claiming to be from a local water and power company and asking users to verify whether or not bills had been paid by clicking on a link. The link forwarded the user to a page which then prompted them to install SpyNote – which comes bundled with malware.

What seems to be a notes app can, in fact, exploit accessibility services and device administrator privileges; using these, it can steal device location, contacts, SMS messages and phone calls, all whilst appearing to have notes functionality and a fully official appearance.

Smishing, a form of phishing, is an innovation on typical social engineering attacks. Recently, we looked at how internet users need to be more aware of social engineering techniques as they become more commonly used by threat actors.

Security Middle East Magazine recommends keeping all anti-virus software up to date, not sharing information unnecessarily and staying vigilant online.