Are you accustomed to the crime of stealing sensitive information? Even if you don’t know the details, most of us have heard it once – an unexpected email that seems harmless at first but doesn’t seem right at first glance. These emails are sent by cybercriminals and usually contain malware or malicious attachments that, if downloaded, may result in data breaches or theft of sensitive information such as passwords and card details. You can learn more about phishing scams via email on our blog here or download our easy-to-use scam sheet.
SMS Phishing – what is it?
It is essential to acknowledge that the crime of stealing sensitive information via email is one form of attack on social engineering. As we rely more and more on our smartphones for communication and all records of browsing and online transactions, cybercriminals are also targeting our phones. On average, only 27.5% of people are aware of the threat of stealing sensitive information via SMS, but we are open to 98% of all messages we receive (compared to 20% of emails). Cybercriminals run their businesses to take advantage of these statistics, trying to catch us with a seemingly innocent message.
And that’s precisely what smoking is – an SMS text sent by an attacker with malicious intent.
How does smoking work?
The crime of stealing sensitive SMS information is a growing threat because we do not suspect cyber attacks and because smartphones need less protection than our PCs or laptops. However, a bad link sent via SMS can work the same way as the one sent via email. Once you have been tricked into clicking a link, malware can automatically install itself on your phone and help with any information stored in your applications – from login to your credit card details. For business/work phones, any sensitive information or business data stored on the device may also be targeted, which could lead to GDPR violations.
How do I know that SMS is not real?
Cybercriminals are savvy and are always finding new ways to hide their attacks. SMS to steal sensitive information often pretends to be from a reputable source, perhaps impersonating your mobile network provider or bank. Note:
Suspicious activity claims on your accounts
Requests for donations
Links that could lead you to a fake site that could steal your information
Notices that you have received a fine
There are many ways they can try to encourage you to follow the link or respond with personal details. Just remember that when you respond to or visit their site, they have your details and can easily access your accounts.
Why is it so dangerous now?
Just because we are in the middle of an epidemic doesn’t mean cyber makers are taking a day off. According to the National Fraud & Cyber Crime Reporting Center, more than 160,000 suspected emails were reported to their Suspicious Email Reporting Service in the first two weeks after the service was suspended. Most of these have tried to use the current state of COVID-19, providing people with non-order links for self-defense equipment or test kits.
In fact, according to a recent study by Citizen’s Advice, more than a third of British adults have already reported that they are victims of a Covid-19-related scam. The National Cyber Security Center has released a workable information sheet about four common SMS scams already known and what to look for.
The launch of the NHS Test and Trace government service brings many reasons for monitoring incoming messages. This service communicates with people via SMS, email, and phone to let you know that you are connected to someone who has tested Covid-19. Without the assurance that actual messages will direct you to the official government site, SMS will ask you to open a link is already a problem.
The most commonly used strategy is the scam of crime to steal sensitive SMS information; most people should be reluctant to trust any link sent via text message. Also, if you follow the link, the information you are asked to provide – name, date of birth, postal code – is all a preparation task for anyone who wants to try to access your accounts. A cybercriminal can take advantage of this by creating a good-looking repetition of SMS, so it is more important than ever to pay attention and know what to look for.
How can I protect myself?
Like the crime of stealing sensitive information, the best way to avoid becoming a victim of a smoking scam is to educate yourself, your friends, family, and colleagues about what to look for.
Follow these basic rules:
Never answer a number you do not know.
Never send your details by text. Remember that a reputable company will not ask for this.
Never follow a link from an SMS. If the text is valid, you should access any relevant information by navigating through the company’s website through your browser.
Take Five has a lot of great tips on what to look for.
What should I do if I think I am being directed?
If you think you have become a victim of smoking, you should cancel your bank or credit card and notify the bank as soon as possible. They should be able to provide ongoing support. You may want to update your passwords for whatever you think might be revealed and report the incident to Action Fraud so they can keep track of the most common attacks.