SMS Scams and Smartphone Malware

July 2, 2020
Smartphones have become a crucial part of our everyday lives; we shop, bank and network using our phones. But with so much valuable personal data being stored on these devices, they have become a top target for cyber criminals. If they can crack our phones, they can steal our identities, blackmail us for cash, or empty our bank accounts using scams.

As a result, hackers have been developing new ways to attack – the latest using SMS text messages.

Introducing “smishing”
For some years now hackers have used a technique known as phishing – emails pretending to be from our bank that try to trick us into handing over our account details. As people have got better at spotting phishing emails, fewer are falling victim, which means that hackers have changed their tactics, focusing on our phones.

Smishing is conceptually very similar; however, instead of sending emails, the attackers send SMS text messages to their victims. Each of these texts is designed to trick people into handing over sensitive personal information – like their online banking PIN. Others will encourage them to access a fake website, or to download an app that has been infected with malware.

How to spot a smishing message
Almost every smishing message has one thing in common – a sense of urgency. You will be told that your bank account has been compromised, and you must log in using the supplied link immediately. Or that a routine security check has temporarily blocked access to your account, before asking you to confirm your password to restore access. You may even be asked to download a special app to improve the security of your account, the sooner the better.

The truth is that no bank sends urgent SMS messages; most actually rely on letters and secure emails to communicate important information. If you do receive a text message from your bank, it will never include a link – you will simply be directed to log on to the website at your earliest convenience, or to call their phone banking service.

Similarly, your bank will never send you a link to a website to download a new app. They may direct you to the official App Store or Google Play store, but most will send a push notification through their official app, rather than via SMS text message.

If you are in any doubt at all about a text message you receive, delete it. If the matter is truly urgent, your bank will contact you again. You can also give them a call to confirm whether there really is a problem.
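The warning signs described above can also be checked automatically, for example in a mail or SMS gateway filter. The following is an added example, not part of the original post: the function names, the keyword lists and the sample messages are all constructed assumptions, and treating official store links as acceptable follows the article's note about the App Store and Google Play.

```python
import re
from urllib.parse import urlsplit

# Hosts of the official stores named in the article; any other link is flagged.
OFFICIAL_STORES = {"apps.apple.com", "play.google.com"}

# Links with a scheme, a www. prefix, or a bare domain followed by a path (short links).
URL_RE = re.compile(r"\b(?:https?://\S+|www\.\S+|(?:[a-z0-9-]+\.)+[a-z]{2,}/\S*)", re.I)
# Assumed keyword lists; tune them for the messages you actually see.
URGENCY_RE = re.compile(
    r"\b(?:urgent(?:ly)?|immediately|right away|compromised|blocked|suspended|locked)\b", re.I)
CREDENTIAL_RE = re.compile(r"\b(?:password|passcode|pin|security code|account details)\b", re.I)
APP_RE = re.compile(r"\b(?:download|install)\b.*\bapp\b", re.I)


def link_hosts(text):
    """Return the host name of every link found in the message text."""
    hosts = []
    for raw in URL_RE.findall(text):
        raw = raw.rstrip(".,;:!?)")              # drop sentence punctuation
        if not re.match(r"https?://", raw, re.I):
            raw = "http://" + raw                # urlsplit needs a scheme to find the host
        try:
            host = urlsplit(raw).hostname
        except ValueError:                       # malformed link text
            continue
        if host:
            hosts.append(host)
    return hosts


def smishing_indicators(text):
    """Return the sorted warning signs from the article that this message shows."""
    unofficial = [h for h in link_hosts(text) if h not in OFFICIAL_STORES]
    found = set()
    if URGENCY_RE.search(text):
        found.add("urgency")
    if unofficial:
        found.add("link")
    if CREDENTIAL_RE.search(text):
        found.add("credential-request")
    if APP_RE.search(text) and unofficial:
        found.add("app-outside-store")
    return sorted(found)


SAMPLES = [  # constructed messages, not real traffic
    "URGENT: your account has been compromised. Log in immediately at "
    "http://secure-bank.example/login to confirm your password.",
    "Improve your account security: download our new app from bank-update.example/app.apk today",
    "Our updated app is available: install the app from "
    "https://play.google.com/store/apps/details?id=com.example.bank",
    "A new statement is ready. Please log on to our website at your earliest convenience.",
]
```

An empty result means none of these warning signs matched, not that the message is safe.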

Get protected
Finally, you should always protect your smartphone with a reputable anti-malware app. In the event that you are tricked into downloading a malicious app, the anti-malware tool will conduct a scan automatically, and advise you that there is a problem before any of your personal data is stolen.

You can even protect yourself against smishing scams right now by contacting us about our recommended mobile security app.
