Text messaging is the most common non-voice use of a mobile phone. There are trillions of text messages received around the world each day, and an increasing number of them are spam, or phishing attacks of some sort.
Cyber criminals are good at identifying lucrative markets and targeting weak links. Users are conditioned to recognize suspicious messages and security threats on PCs, and there’s generally security software in place to detect and prevent attacks. But many people assume mobile phones are inherently safe and don’t realize that malware and phishing attacks are a concern for mobile devices as well.
People are used to receiving text messages, and are not likely to think twice about the security implications of clicking on a link in a text. The major Web browsers have phishing protection built in to alert the user to suspicious sites, and users can generally hover over a link to display the true URL on a PC, but mobile phones aren’t equipped to help users avoid malicious text messages.
Tim ‘TK’ Keanini, CTO of nCircle, explains, “In some ways ‘smishing’ [the term used to describe SMS phishing] is a more promising tool for cyber criminals than phishing (email) because at the moment users have fewer defensive technology tools.”
Jeff Wilhelm, senior analyst with Symantec Security Response, agrees that smishing is a growing security concern for mobile phone users. “Just like with email, attackers can use text message spam to spread malware, phishing scams and other threats among mobile device users.”
Webroot Threat Research analyst Armando Orozco says that users can protect themselves from smishing by adopting the same security practices applied for traditional email phishing attacks. “Never click on links in, respond to and never install an app from unsolicited SMS messages. If you receive a suspicious link from a contact, check with that person to see if they sent it.”
Keanini offers this advice: “Everyone needs to take a hard line with text messages; don’t trust anything. If you have the slightest doubt about the authenticity of the message, don’t even think about clicking.”
You might also consider adding security software for your mobile device. You may think of it as a mobile phone, but smartphones are just smaller computers loaded with gigabytes of sensitive information that attackers want. Use the same tools and common sense with your mobile phone that you use to avoid malware and phishing attacks on your PC.