
What are Smishing Attacks? How to Prevent Them?


Smishing is a cyber attack that uses SMS text messages to trick victims into giving sensitive data to a cybercriminal. Sensitive data includes your account name and password, name, bank account, or credit card numbers. The cybercriminal may also embed a short URL in the text message, inviting the recipient to tap a link that in most cases redirects to a malicious site. Smishing is related to two other cyber attacks, phishing and vishing.

Cybercriminals today are primarily motivated by financial gain. They create code intended to capture your sensitive data for profit. Once they acquire this information, they may try to sell your compromised credit card or credentials on the dark web. They may also use sensitive information to open an account in your name or hold your information for ransom in exchange for a large payout.

In May 2018, Fifth Third Bank customers were the targets of a smishing attack. The attackers claimed to represent Fifth Third Bank and warned customers that their accounts were locked. The text message contained a link that supposedly let customers unlock their accounts. The link took the unsuspecting customer to a fake web page that resembled Fifth Third's genuine site. The phishing site prompted visitors to enter their user name and password, one-time code, and PIN codes to unlock their account. The cybercriminals then used the stolen account data to withdraw almost $68,000 from 17 ATMs across three states.

Some ways to prevent smishing attacks:

• Do not respond to text messages that request private or financial data from you.

• If you get a message that appears to be from your bank, financial institution, or another entity you do business with, contact that business directly to determine whether it sent you a genuine request. Review the entity's policy on sending text messages to customers.

• If a text message urges you to act or respond quickly, pause and consider the big picture. Remember that criminals use urgency as a tactic to get you to do what they want.

• Never reply to a suspicious text message without doing your research and verifying the source.

Android Banking malware spreads via Smishing (SMS phishing)

A new Android banking trojan spotted in the wild replaces legitimate South Korean banking apps and spreads via SMS phishing, McAfee Labs reports.

South Korean bank users are being targeted with a fake message purportedly coming from the Financial Services Commission. The message asks users to install new anti-malware protection.

An unwitting user who follows the link in the SMS and installs the app puts himself at risk. The malware silently attempts to uninstall the legitimate South Korean banking apps. However, it can uninstall them only if the device is rooted.

If the device is not rooted, the malware asks the user to uninstall the legitimate app and urges them to install another app that has the same icon but makes suspicious permission requests.

The trojan then asks the user to enter banking credentials such as account number, password, Internet banking ID, and social security number. The collected information is later sent to a remote server.

"McAfee Mobile Security detects this threat as Android/FakeBankDropper.A and Android/FakeBank.A and alerts mobile users if it is present".

SMiShing: SMS Phishing tricks victims into providing Bank details


SMS phishing (smishing) attacks increased 913% during the first week of September, making SMS phishing currently the single largest SMS text messaging threat.

According to a Cloudmark report, victims are being scammed with the following text: " Fwd:Good Afternoon .Attention Required Call.(xxx)xxxxxxx". Victims are instructed to call various phone numbers.

According to the report, more than 500 different text messages are used in the phishing campaign.

If the recipient calls the provided number, an automated message asks for the sensitive credentials that can be used for bank and credit card fraud.

"Victims who fall for the phishing scam and divulge their credentials risk being subjected to bank account theft, credit card fraud, and even outright identity theft," the Cloudmark blog post reads. "Stolen information can even be used in social engineering scams to elicit further information from unrelated accounts."

If you receive this type of phishing SMS, you can forward the text to short code 7726 to notify your carrier and to facilitate resolution.
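
The traits these posts describe (embedded and shortened links, urgency, requests for credentials, instructions to call a number) can be checked mechanically when triaging reported texts. The following is an added example, not code from the original posts or from the vendors they cite; the word lists, shortener domains, two-indicator threshold and sample messages are assumptions constructed for illustration.

```python
import re

# Indicator lists are assumptions for illustration, derived from the traits
# the posts describe: links (often shortened), urgency, requests for
# credentials, and instructions to call a number.
URL_RE = re.compile(r"(?:https?://|www\.)\S+|\b(?:[a-z0-9-]+\.)+[a-z]{2,}/\S*")
PHONE_RE = re.compile(r"\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd"}
URGENCY = ("locked", "suspended", "urgent", "immediately", "attention required")
SECRETS = ("password", "pin", "one-time code", "user name", "card number",
           "account number")


def _has(terms, text):
    """True if any term occurs as a whole word or phrase ('pin' != 'shipping')."""
    return any(re.search(r"\b" + re.escape(t) + r"\b", text) for t in terms)


def triage(sms):
    """Return the indicators found in one SMS body and a suggested action."""
    text = re.sub(r"\s+", " ", sms).lower()
    hosts = [re.sub(r"^(?:https?://)?(?:www\.)?", "", u).split("/")[0]
             for u in URL_RE.findall(text)]
    flags = []
    if hosts:
        flags.append("link")
    if any(h in SHORTENERS for h in hosts):
        flags.append("short_url")
    if PHONE_RE.search(text) and re.search(r"\bcall\b", text):
        flags.append("callback_number")
    if _has(URGENCY, text):
        flags.append("urgency")
    if _has(SECRETS, text):
        flags.append("asks_for_secret")
    # One indicator alone is common in legitimate texts; two or more is the
    # combination the posts describe, so the sender should be checked directly.
    action = "verify_with_sender_directly" if len(flags) >= 2 else "no_action"
    return {"flags": flags, "action": action}


# Constructed sample messages (bank name, link and numbers are made up).
SAMPLES = [
    "Example Bank: your account is LOCKED. Unlock at https://bit.ly/EXAMPLE and enter your PIN.",
    "Fwd:Good Afternoon .Attention Required Call.(555)0100199",
    "Call me at 555-010-0199 when you land.",
    "Your package arrives tomorrow between 2 and 4 pm.",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(triage(s), "<-", s)
```

Keyword heuristics like this miss reworded lures and should only prioritise messages for the direct verification the first post recommends, not replace it.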