ODU Expert Warns of 'Smishing' Scams That Target Text Messages
July 14, 2017
Hongyi "Michael" Wu
A cyber scam that could cost smart phone users a ton of money is on the rise as internet-based criminals move beyond the email inbox.
It's called "smishing," which involves scams that are presented like phishing emails, but sent via SMS (text messages). Scammers use these messages to trick targets into replying with personal information in order to access bank accounts or other online profiles.
For example, a fraudulent message might appear to be warning from a bank about an unauthorized charge.
Smishing scams have been around since as early as 2008, but are becoming more prevalent. It is one of the more dangerous scam techniques that exist today, said Hongyi "Michael" Wu, director of Old Dominion University's Center for Cybersecurity Education and Research.
"Most people trust text messages more than emails. Smishing messages often prey on people's sense of urgency," Wu said. "We often presume text messages come from our friends and trusted companies."
Wu said another major problem that often results in vulnerability is the way users are prone to make quick decisions when reading messages.
"Online users who use computers with large screens can view messages more carefully. In contrast, when we use mobile devices, we tend to skim through messages quickly and make mistakes" he said.
As the number of smart phone users increase in the U.S., Wu said it's likely that smishing attacks will increase also.
"In 2017, we are close to having over 200 million smart phone users. This large pool of potential victims naturally becomes a target for criminals," he said. "I also foresee that popular mobile apps will also be used by criminals for phishing in the future."
Although there's no foolproof way to block smishing messages entirely, Wu said the best way to avoid becoming a victim is to follow the same guidelines that have been set for other cyber scams.
Some of those guidelines include: avoid messages from unknown senders; don't click suspicious web links or phone numbers; invest in an anti-malware software that can identify smishing messages and; verify text message alerts from banks or credit card companies by calling them.
