Smishing, short for SMS phishing, involves attackers manipulating and deceiving victims through SMS to extract confidential information like logins, passwords, bank card numbers, and CVV codes. The popularity of this form of attack is on the rise, with text messages having an open rate exceeding 90% and a conversion rate ranging between 20-45%.

Common Smishing Schemes

Phone numbers for these attacks are often acquired by cybercriminals through online shops that store the personal data of registered customers. Typical smishing schemes include:

1. Installing Malware. Victims receive an SMS, seemingly from the bank, reporting an attempt to withdraw a large sum from their card. The attacker asks the recipient to click on the hyperlink if the money was not withdrawn. When the victim's smartphone is clicked, spyware is downloaded that tracks logins and passwords entered from the device's keyboard. Often fraudsters send SMS on behalf of mobile operators and Internet providers - the messages ask to click on a link and urgently confirm your tariff, so that there is no automatic transfer to a new tariff plan.
2. Requesting Bank Card Details. Victims get a message asking for financial aid for disaster victims, requesting the transfer of funds along with their card's number, expiry date, and CVV code. Fraudsters may also pose as bank employees, claiming a card blockage due to a system failure, prompting the victim to enter their details. Once obtained, criminals withdraw funds from the victim's bank account.
3. Stealing Corporate Information. Fraudsters impersonate the victim's workplace, sending SMS requests to authorize through a new registration/authorization form, citing a software update. The obtained login and password are then used to access confidential corporate databases.

The main sign of smishing is the emphasis on urgency. In most cases, attackers ask you to perform the required action immediately: before the money has left the account, the tariff plan has not automatically changed, the bank card has not been blocked forever, etc.

To prevent your customers from becoming victims of smishing attacks, we offer to set up informational SMS-messaging and warn them about the potential threat. Contact DecisionTelecom sales department for detailed information about the service, tariff plans and possible discounts for your project.