previous icon Back to blog
Jan 12, 2023
4 minutes read

What Is Smishing and How Can You Protect Yourself Against It?

Even if you’ve never heard of “smishing” you have almost certainly been the target of this type of cyber fraud. Smishing weaponizes SMS messages to scam recipients into disclosing sensitive personal information or to unwittingly infect a mobile device with malware.

For most of us, not a day goes by without one of these fraudulent texts appearing on our phones; some clearly fake, but others much more professional and persuasive. Businesses, health providers, and governments are also harmed by smishing, not just financially but also reputationally because the fraudsters use (that is to say, abuse) reputable brand names to perpetrate their crimes.  

Fraudsters are persistent because smishing works. Europol recently rounded up 59 scammers who were using stolen credit card details to purchase luxury items. Smishing is at the mobile heart of a payment fraud apparatus which in 2021 caused global eCommerce to take a $20 billion hit.

The best way to frustrate the fraudsters is to identify their false messages, and to always be on guard. In this blog we describe how you can do that, and so prevent yourself or your company from being “smished”. 

Phishing, Vishing or Smishing

The term “smishing” is a mash-up of SMS and the more familiar cyber scam of “phishing” where fraudsters use emails to cast their bait of false information. If the mode of attack is a voice message we refer to it as “vishing”.

fraud-monitoring-compromised-account

Whereas phishing is a scam that originated in the PC era, smishing and vishing are responses to the dominance of mobile communications and they are now increasingly prevalent. It is estimated that SMS attacks rose more than threefold during the first wave of Covid lockdowns in 2020, reflecting the opportunism of the fraudsters.

It’s not just individuals who are being targeted. The financial forensic experts Kroll reported that in 2021, 74% of companies were exposed to smishing, compared with 62% in 2020.

The rise in smishing attacks simply reflects the way we live now. We organize and record our lives on our smartphones, so this is where the fraudsters thrive. 

What Are the Most Common Examples of Smishing?

The Covid pandemic had a huge influence on smishing. As the lockdown forced us online for our shopping, we saw a huge increase in “delivery scams” with texts supposedly from UBS or FedEx urging us to click on a link to track our parcel or reschedule a delivery.

Fraudsters were extremely cynical in their exploitation of the Covid tragedy by telling people that they had been exposed to the virus or by claiming that they were entitled to certain Covid relief grants.

The isolation people felt made them more susceptible to “classic” scams such as fake bank or tax rebate messages. In 2020, the UK tax authorities received an astonishing 864,000 referrals of suspicious text messages; more than half a million offered bogus text rebates.

What all these smishing scams have in common is the sense of urgency with which they want us to act – i.e. to take the bait – before we’ve had the time to recognize them as fakes. This is the first telltale sign you should ignore and delete the SMS. But there are other ways to prevent being a victim of a smishing attack, and we shall conclude by looking at those. 

How to Prevent Smishing

There are some commonsense rules we should all observe:

  • If the SMS is unexpected, do not respond

  • Alerts from financial institutions can usually be verified online or by contacting them directly

  • Most smishing texts give the game away by random URLs, or URL addresses with HTTP rather than HTTPS prefixes which tell you the site is unencrypted.

  • Embrace two-factor authentication (2FA) which will thwart the fraudsters even if your account has been breached.

While growing awareness of smishing should over time reduce the menace, fraudsters are always looking to piggyback off the latest technologies to devise new scams.

Companies use SMS as a legitimate and highly effective marketing tool, often using SMS providers as CM.com to do that. Because smishing scams are essentially a numbers game, CM.com accounts are appealing targets for the fraudsters – they can hide their identity and send messages at scale free of charge. CM.com account holders should:

  • Enable 2FA on their account

  • Never share their API-token, or show it on their website(s) to end users, not even in encrypted form.

  • Set limits to monthly credit amounts so in the event of a breach, the damage is limited. 

CM.com is as determined to fight the smishing fraudsters as your telecom provider, your bank, and other targeted bodies, so if you suspect you have been a victim of fraud, contact the relevant organization as quickly as possible.

If you have any questions, feel free to reach out to your account manager or the fraud team.

Was this article interesting?
Share it!
CM.com
connects tens of thousands of companies with millions of consumers via their mobile phone each day. Behind the scenes, from our innovative platform, CM.com makes sure companies can use these millions of messages, phone calls and payments to become part of people’s lives.

Latest Articles

sms-vs-mms-vs-rcs
Feb 08, 2024 • SMS

SMS vs MMS - What is the Difference?

There are many different ways to send text messages, and the various names and acronyms may start to feel daunting. In this blog, we'll tell you everything about SMS and MMS.

sms-in-ecommerce
Feb 07, 2024 • SMS

SMS for eCommerce - Create a Successful eCommerce Strategy With SMS

Want to grow your business? Then customer contact is key. Now that everybody and everything is connected to each other via those powerful little computers in our hands, the way you communicate with customers is becoming increasingly important for your succes. Read all about how you can use SMS to elevate your customer contact, drive sales and create that loyal customer base.

how-popular-is-sms
Feb 07, 2024 • SMS

How Popular Is SMS in 2024 and What Is Its Added Value for Business?

SMS is one of the oldest text messaging services, and the rise of instant messaging apps definitely made a dent in SMS traffic. Contrary to the newer apps with their rich features, SMS is quite basic in its features- plain text messages, not fluff, and a character limit of 160. Regardless, SMS is still one of the most impactful communication channels today. Read all about SMS statistics and its continued value to modern business communication.

WhatsApp vs SMS: A Comparison For Businesses
Nov 30, 2023 • SMS

WhatsApp vs SMS: A Comparison For Businesses

WhatsApp and SMS are both immensely popular messaging channels. Both have their own unique traits, use cases, and added business value. We probably all acknowledge this, but what are the differences between these two exactly? What are the similarities? And more importantly, which one will add the most value to your business? In this blog we'll dive into the world of WhatsApp vs SMS.

mfa-sso-blog-hero
Nov 06, 2023 • Authentication

MFA/2FA vs. SSO: Navigating the Digital Security Landscape

In today's interconnected world, the importance of robust digital security cannot be overstated. As businesses and individuals grapple with increasing cyber threats, the choice of security measures becomes crucial.

live-meta
Oct 31, 2023 • SMS

Why SMS Remains as Essential as Ever for Black Friday

One might assume that SMS has lost relevance in an era dominated by popular messaging channels such as WhatsApp and Instagram. However, when it comes to Black Friday, one of the most anticipated shopping events of the year, SMS remains as important as ever. While consumers are bombarded with emails, push notifications, and social media advertisements, the humble SMS message, with its 98% open rate, often cuts through the noise and connects businesses with eager shoppers.

messaging-fraud-and-prevention-for-businesses
Sep 25, 2023 • Security

Combat SMS Pumping (AIT) Fraud Effectively With CM.com

In this digital era, providing the optimal customer experience means connecting and engaging with your customers online on their favorite platforms and channels. Online (automated) customer engagement and A2P (application-to-person) messaging is bigger than ever, which unfortunately also means that messaging fraud is on the rise. Artificially Inflated Traffic (AIT) fraud has become an alarming issue in the telecommunications industry, but worry not! CM.com has built the perfect safeguard feature to protect your business endeavors from AIT fraud.

introducing-our-global-high-availability-endpoint-for-cpaas-min
Jul 26, 2023 • Messaging

Introducing Our Global High Availability Endpoint for CPaaS

CM.com continuously innovates its enterprise-ready CPaaS (communications platform as a service) solution. The business messaging platform offers one simple connection for all channels and conversations and allows customers to connect to their end-users via their preferred channel, hassle-free.

whatsapp-authentication
Apr 06, 2023 • Authentication

Two Factor Authentication (2FA) on Different Messaging Channels

Two Factor Authentication, or 2FA, is an effective way to protect your data and your customers. But how do you set up Two Factor Authentication? And what messaging channels can be used for 2FA?

Is this region a better fit for you?
Go
close icon