What would you do if you received a message from your bank saying your ATM card was suspended out of the blue? Panic, right? Well, don’t worry – your bank would never notify you of such important action by SMS or voice-mail messages.
But fraudsters would and that is a huge threat to your mobile security. Taking advantage of the panic such messages will cause you, they can urge you to call phony numbers or go to certain websites. Then, trick you into entering sensitive data like your credit card details. Once you do that, they can do whatever they want with the information you provide.
Cyber-crooks can put into action such malicious schemes via SMSs (Smishing) and voice-mail messages (Vishing) – the younger sisters of internet phishing, born to compromise people’s mobile security.
“Smishing away” your mobile security
Just like traditional phishing scams, a smishing attack goes after sensitive information – usually financial and banking data. The only difference is the channel “smishers” use to send their panicky messages and phish for passwords, credit card numbers etc.: the Short Message Service (SMS) – hence, SMS + phishing = Smishing. Why have criminals turned their phishing attacks towards mobile users? Because the call to action in an SMS can be more effective and have a greater impact on the user than an e-mail on their computer.
So how does smishing compromise your mobile security? It all starts with an SMS, warning you something has happened to your credit card, bank account or an online purchase. In order to solve the problem, you are urged to take immediate action by:
- Calling a certain phone number. If you call the number provided by the SMS, don’t expect an answer from your bank’s Customer Support Service! The person or robot answering is part of the fraud and asks you for your banking details to use them without your knowledge.
- Clicking on a link. You’re directed to a malicious site where you’re asked to “confirm” (enter) your financial information, or click on a button – consequently, you download a piece of malware. In some cases, that proves to be a Trojan programmed to send SMSs to Premium Rate Services, from the phone it infects.
In any case, if you bite the bait and do what you’re urged to do, your mobile security is put at high risk. Here are some examples of such “bait” messages: “Visit www.---.com if you did not make this online purchase”; and “Your account has been suspended. Call ‘---’(phone number) immediately to reactivate”
“Vishing” you to give up your data
Another type of phishing fraudsters have been using is the one called “Vishing”, which is short for “Voice-mail phishing”. Some vishers will send you voice-mail messages saying they represent your bank, or some other financial institution, and urge you to call them back immediately or send them sensitive data to perform certain operations. Other vishers will skip the voice-mail part altogether. They will call you and persuade you to give up those details. Either way, your mobile security is run down.
How to avoid the sisters of phishing and protect your mobile security:
- Keep in mind that no bank or financial institution will ask for your credit card details, or other personal details via SMSs or voice-mail messages. No matter the operation they want to perform. So if you receive such messages, go directly to your bank or call their official number and ask what’s it all about.
- If you receive a message pointing you to a legitimate-looking website (your bank, some service provider) or urging you to contact Customer Service by dialling the number they provide, don’t! Look for the respective institution’s Customer Service phone number on their official websites or in one of their billing statements and call that instead. Also, you can always check your credit card number and get your bank’s phone number from there. Common sense plays an important role in your mobile security.
- To prevent any malware infections, prompted by smishing, install an effective mobile security app on your phone. BullGuard Mobile Security 10 comes with an antivirus engine for real-time protection against malware, and a bunch of additional mobile security features for your overall safety and peace of mind.