A Smishing attack or SMS Phishing is a type of social
engineering attack that takes advantage of SMS to send fraudulent
links to users that redirect them to phished login pages and websites.
On these pages, the users are asked for their personal credentials
such as password, login information, bank account details, and PIN. With the help
of this information, the cyber attacker can easily draw out money or sensitive information.
Supposedly, today a user received a text message on their phone which goes something like this:
On clicking on the link a phished landing page opens up the mobile screen that usually starts an
auto-installation of a Trojan horse or Malware that allows hackers to gain direct access to the
user’s device, or asks the user to submit banking credentials.
Types of fraudulent SMS a user may get
“Bank account is frozen”
This type of SMS received by the user generally expresses urgency regarding the bank account of
the user being frozen and the detection of unusual activity on the account.
“Credit card alert”
Another very popular SMS received by users of a malicious nature is cyber attackers impersonating
credit card companies, to send alert messages regarding ongoing activities via the user’s credit card.
“You are our lucky winner”
Fraudulent SMS regarding prizes or coupons won on a site can be an effective way to lure in victims.
Telling victims that he or she is the lucky winner of a subsequent amount of cash prize can lure them
to click on fraudulent links.
.“Free gifts on taking a survey”
Cyber attackers may perpetrate a Smishing attack via a survey conducted on a fake website where the
user’s personal credentials are asked. The message often includes a free gift coupon offered on taking
the survey to lure in potential victims.
“Unusual account activity”
The user may receive an SMS on his mobile device informing him about an unusual account activity in his email account.
The user may be asked to disclose his banking credentials in order to resolve the problem.
How to prevent a hacker from Smishing you?
It is safe to ignore or block the number if the SMS sent via unknown sources.
Make sure the phone number is an authentic one. Suspicious looking phone numbers (e.g. 4000) can be from malicious sources.
Don’t be quick to click on links sent via SMS before confirming its authenticity.
Do not install apps whose download link is shared via SMS. Rather download them only from official app stores.
Don’t be easily lured by offers, coupons, or prizes mentioned in the SMS from suspicious sources.
Check for grammatical errors in the SMS.
Check for minor changes made to original or popular brand names in order to trick users.
Smishing in the News
Attention! Fraud transaction in your bank account?
TBS bank in the UK suffers a major data breach when customers
receive a fraudulent SMS on their cell phones, impersonating the bank, asking
for the user’s baking credentials urgently. Most customers fell prey to the
attack and disclosed their account number and PIN.
Live Updates: COVID-19 Cybersecurity Alerts
Cell phone users in the US suffered a major data breach when
instigated to download a Trojan Horse via SMS that started an auto-installation
of a fake pornographic application. Activities by users on this application were
used by cyberattackers to access sensitive information present on their devices.
Why avail a social engineering attack awareness training program?
Employees in an organization are usually ill-informed about cyber attacks and
security-related problems. They are unaware of the latest trends and techniques
used by cybercriminals, and hence they easily fall prey to impending threats.
Without spreading awareness among employees adequately, it is impossible for
an organization to protect their assets and finances from hackers. Consulting
with security analysts and experts so as to avail a well-rounded cyber attack
awareness training program can help educate employees regarding social engineering
attacks and their preventive measures. The program includes 3 comprehensive steps
for complete cybersecurity awareness and training:
To perpetrate the first round of dummy phishing attack on employees
Knowledge imparting session
Imparting details knowledge on phishing attack and prevention via video advisories, presentations, and lectures.
Evaluation and Assessment
Regular cumulative assessments are conducted to ensure that the employees are making improvements while handling phishing attacks.
Please fill the form to download Case Study
Kratikal Tech. Pvt. Ltd. is the trusted standard for companies and
individuals acquiring services to protect their brands, business and dignity from baffling