Smishing: Five tips for more protection against attacks via SMS messages

Smishing (SMS plus phishing) is a relatively new method of attacking mobile devices. It takes place via text messages, which are also used by companies and their employees – which are increasingly targeted by criminals. If you take five tips to heart, four of which are very simple, you can ignore smishing attacks.

Smishing attacks became known in the spring of 2021 through “Parcel-is-there!” – notifications via SMS, which requested users to download a parcel notification app contaminated with malware (the “Morning Briefing” reported). Cyber ​​criminals want to use the attack method to trigger one of two reactions: the click on a link or a response via text message or phone call. “Smishing is still in its infancy, but the threat is already great,” said the IT security provider (and smartphone manufacturer) Blackberry. The company makes the following five recommendations for defending yourself against such attacks.

1. Don’t call links
A simple first step towards greater security is to avoid clicking links in unexpected text messages from unknown senders. Otherwise, a virus may get onto your own mobile device that logs keystrokes and gathers sensitive information. Often times, the scammers rely on emotional manipulation, conveying a certain urgency, for example, in order to get their potential victims to commit a mistake. Employees have to keep this in mind and be careful with every text message.

2. Don’t answer, block
It is also important not to reply to cyber criminals via text message or phone call. This also includes a direct request to end the attack. Often the fraudsters do not know which phone numbers are actually being used. Actuation provides an answer and may lead to further smishing attacks. On the other hand, it is much more effective to block the phone number of the cybercriminals.

3. Contact customer service
The text message of a smishing attack often suggests that it came from a reputable sender, for example a bank. This should ensure more trust and authenticity. If in doubt, it is worth contacting the company’s customer service and inquiring about the text message. If the contact person doesn’t know about it, it can be deleted and the sender blocked.

4. Research online
It is also helpful to enter the sender’s phone number and text message on Google or another search engine – i.e. to research online. Other people are likely to report their experience with the alleged smishing attack on the Internet. However, a negative assessment alone is not enough. You can only rely on this assessment if several people classify the case as a smishing attack.

5. Mobile Threat Defense nutzen
Functions that guarantee so-called Mobile Threat Defense (MTD) offer even better protection. The corresponding solutions for mobile devices are characterized, for example, by the use of artificial intelligence (AI) methods. With a company’s endpoint security in mind, the AI ​​automatically monitors the system parameters, configurations and system libraries of mobile devices. As a result, it also automatically manages to detect, report and prevent or remedy smishing attacks and other potential threats. In addition, IT teams get a comprehensive insight into their own network, which allows them to manage it efficiently.

Leave a Reply

Your email address will not be published. Required fields are marked *