Useful tips to recognize and prevent SMS phishing (also called smishing)

In these corona times, criminals are increasingly using smishing. In false (fake) SMS messages they offer certain things on behalf of government agencies or banks. They also spread fake news about the corona virus and offer so-called “antibacterial payment cards”. In this article we tell you how to recognize smishing and give tips to prevent phishing via SMS.

What is smishing?
Smishing is a form of phishing via SMS. The word ‘phishing’ is derived from ‘fishing’; it concerns criminals who ‘fish’ for your personal data. For example, you will receive an SMS on behalf of a bank. At least, that’s what it looks like. Because by ‘spoofing’ criminals can make you believe you are someone else. The SMS message is not sent by the mentioned company but by a criminal who tries to retrieve your personal data or security codes (such as card number, login or pin code). Spoofing can also take place over the phone. For example, you will receive a phone call from someone who claims to be from the Customer Service department of bank X. Even if you receive a call, never give out personal information and do not transfer money. What you can do: ask questions, be critical and just hang up if you don’t trust it.

How do you recognize a smishing message?
You can recognize smishing by going through a number of questions when you receive such a fake SMS message:

• Is the link (the URL) real?
  A fake SMS message can contain a link to a website where you have to leave your data or security codes. This is not correct and a bank or government institution will never ask for this via SMS.
• Are you under pressure?
  Some SMS messages indicate that if you do not respond quickly, your bank account will be blocked. Or there is even a threat with a debt collector. These types of messages are always fake.
• Are personal data or actions requested?
  A bank will never ask you to send your bank card back to them, to fill in your PIN code online, to request a new payment card or to log in via an SMS message (or e-mail). If these kinds of requests are in the message, you can assume that it is not correct.

How do you recognize a real URL in a text message?
It is quite difficult to distinguish a ‘real’ (non-criminal) URL from a fake one. So pay attention:

1. Check where the link in the message goes to
   On a computer you can ‘hang’ the mouse cursor above a link to view the address without opening the link. On smartphones and tablets this works by pressing and holding the link down for a moment. Check the URL carefully. Is it really about the company in question? If the address looks suspicious, for example with a long string of characters, do not click through.
2. Check if the URL is real
   In a URL, the most important part is always before the first slash (/). An example: at the Rabobank it is always ‘rabobank.nl’ that is put first and only after that the slash-character. An example of a good URL: https://www.rabobank.nl/privateindividuals. And of a fake URL: https://www.rabobank.nl.now/. The slash is only at the end of the url and not after ‘.nl’. But be careful, because criminals are increasingly using domain names that look a lot like the real website, for example www.abmamro.nl. So stay alert. If in doubt, always contact the relevant authority first to check whether such messages have been sent.

This will prevent you from becoming the victim of phishing messages
So let us get some things straight:

• If you receive a text message requesting you to click on a link, be extra vigilant. Who is asking and why?
• At first check with the source (the sender) to make sure it is correct. In any case, never click on links and never give out personal information via SMS or email.
• Take extra care if you receive a text message from, for example, a credit card provider, a bank or the government. These organizations never ask for personal information through these channels.
• When you receive a message for which you need to log in, you better go to the correct address in your browser yourself. This is much safer, because it gives you control over which web address you visit.

Apply SMS messages effectively and securely
Let’s conclude with a positive fact. Despite the smishing attempts, we can state with certainty that SMS messages are above all an effective and safe way to inform customers, patients, employees and others about all kinds of things. From an appointment reminder to a marketing campaign. SMS messages have proven their usefulness for a long time. In healthcare alone, millions of euros are saved annually by using SMS service as an appointment reminder. At Spryng we know everything about that. And we also know how you can use SMS in a fast and secure way for your company or industry. With one simple (and secure!) SMS API. Want to know more? Call us at +49 30 3080 6900.