There are many ways to have your personal information stolen from your mobile phone. One of the most prevalent ways of these cyber attacks is SMS phishing.
SMS phishing (smishing) is the act of sending an SMS message containing a suspicious link to the target mobile user. Once clicked, the link gains access to the victim’s personal data such as credit card information or passwords. These links can also install malware on the victim’s phone, allowing hackers to steal additional information.
Many message phishing attacks sent over an SMS are masked as invitations to participate in a certain event. This event could be a competition or an exhibition. Regardless, this message will contain a link, requiring you to register. Now, you might think this message comes from a valid source. However, you must verify the invitation first to make sure it’s legitimate. Otherwise, clicking on the link will result in personal data and maybe even identity theft.
We’ve all received transactional and verification messages before. Usually, banks call to verify your credentials before letting you conduct transactions over the phone. Remember that financial institutions never ask for personal information over SMS like your recent transactions, card pin, credit card number, and so on.
Some SMS phishing attacks are more direct. They ask you to respond to a message without telling you that it would cost you a lot of money. This money goes directly to the attackers. Always remember not to respond to these messages.
If a message asks you to take action immediately or creates a sense of urgency, do not respond. Carefully evaluate the source of the message and check whether it is from a known source. If not, then ignore the message.
Any SMS that asks for your financial or sensitive information is a phishing attack. Ignore responding to these messages at all times. Know that your bank or financial service provider will never ask for your personal information over a text message.
Avoid clicking on links within text messages, even if they come from reliable sources. These links may contain phishing attacks. Moreover, make sure to examine the sender’s phone number. If it seems suspicious, avoid responding to the message.
You can take extra precautions by keeping your financial information outside of your mobile device. Don’t store your credit card data on your phone to ensure your information remains secure.
It is always a good idea to install a text blocking app on your phone to protect yourself against SMS phishing attacks. These apps offer a strong firewall and provide warnings to users if they receive an SMS containing phishing attacks.
PayPal users are particularly at risk of SMS phishing. Since the service is exclusively online, it is very easy for attackers to break into PayPal accounts and transfer funds out.
The most common kinds of PayPal smishing messages claim that your account is under review. These messages will also mention that you must fill out a security form to keep your account operational and avoid risking getting blocked or suspended.
As expected, there’s also a link redirecting you to the form. This form will ask for your PayPal account information. Once provided, it immediately transfers this information to the attacker.
To stay clear from PayPal smishing attacks, never respond to these messages. PayPal would never send such information over a text message, even if it sounds like it’s coming directly from them.
SMS phishing on Android devices is likely to become a serious issue due to advancements in phishing methodology. Researchers have claimed that Samsung phones are at risk most, while Huawei and Sony are also prone to increased instances of phishing attacks.
The new phishing methods use OTA, or over-the-air. This technology is generally used by networks to deliver network-specific information to users. But, it doesn’t have adequate authentication barriers, making it possible for attackers to send phishing attacks over OTA. Once a user mistakes a phishing attack for actual network settings, all of the phone’s network traffic would then be routed through the attacker. This, in turn, exposes all of the victim’s internet activity.
Naturally, you cannot avoid accepting network settings delivered OTA; otherwise, you won’t be able to use mobile data. However, you must pay close attention to the settings that you are accepting. Make sure these settings are coming directly from your network provider and that you only accept them once. Ignore any further network settings received over OTA.
Dexatel aims to build a better future where technology creates good connections and communication for everyone and everywhere.