SMS phishing

From HandWiki
Revision as of 01:44, 26 February 2022 by imported>NBrush (update)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

In computing, SMS phishing[1] or smishing[2] is a form of criminal[3][4][5] activity using social engineering techniques. Phishing is the act of attempting to acquire personal information such as passwords and details by masquerading as a trustworthy entity in an electronic communication. Short Message Service (SMS) is the technology used for text messages on cell phones.[6] SMS phishing uses cell phone text messages to deliver the bait to induce people to divulge their personal information. Smishing attacks typically invite the user to click a link, call a phone number, or contact an email address provided by the attacker via SMS message. The victim is then invited to provide their private data; often, credentials to other websites or services. Furthermore, due to the nature of mobile browsers, URLs may not be fully displayed; this may make it more difficult to identify an illegitimate logon page.[7] As the mobile phone market is now saturated with smartphones which all have fast internet connectivity, a malicious link sent via SMS can yield the same result as it would if sent via email.

Detection

Many of the same defences that apply for phishing also apply here. Smishing messages may come from telephone numbers that are in a strange or unexpected format.[8]

Cases

On March 9, 2012, Rewe issued a fraud alert regarding a large number of scam texts that offered a nonexistent $1000 gift card as bait.[citation needed]

In June 2018, the County of Orange Social Services Agency (SSA) warned residents of a phone/texting scam that attempts to obtain cardholder information of CalWORKs, CalFresh, and General Relief clients throughout California.[9]

References