New decade. New personal finance-savvy you.
What is smishing?
Smishing is short for SMS (short messaging service) phishing. Smishing is a type of phishing attack where hackers send mobile users text messages that contain links containing Trojan horses. If the link is clicked, the Trojan horse is downloaded onto the user’s phone or other mobile device.
Smishing lures victims to click on a fraudulent link and unknowingly download Trojan software to their phone. Once the users download the Trojan software, hackers can take over their phones and use it as part of a botnet to launch denial of service attacks, install keylogging software, and steal personal information from users.
Just like emails can contain viruses, links can contain viruses. The good news is that these viruses are avoidable.
Experts recommend that users use basic precautions and not click on links unless they know where the link is coming from. Even if the user receives a text from someone they know, the user should contact that person first to ensure they intended to send the link. When in doubt, users should err on the side of caution and not click on the link.
Andrea receives a text message that says, “We’re confirming that you signed up for our website’s premium membership. You will be charged $39.99 unless you cancel your subscription.” The text message includes a link to a website. Andrea does not want her account to be charged and immediately clicks on the link. Once she arrives at the website, she sees a message that says, “To cancel your subscription, click here.” Andrea clicks on the link and receives a message that says, “Thank you, your subscription has been canceled.”
Andrea doesn’t realize that she’s just downloaded a Trojan horse onto her phone, allowing hackers to control her phone. Without her knowledge, the hackers use Andrea’s phone as a part of a bot network that’s used to launch denial of service attacks and steal Andrea’s personal bank account information.
Do you bank online? Learn how to protect your data.