What is SMS phishing or fraudulent SMS?

Smishing, also known as SMS phishing or fraudulent SMS, is a technique used by cybercriminals to deceive victims by impersonating trusted third parties such as government agencies, banks, delivery services, or online services. The term "smishing" is a portmanteau of "SMS" and "phishing."

SMS attacks can steal private data and spread malware to other users. SMS and other text message attacks can use various tools to carry out their attempts. However, these attacks often involve malware.

Why is SMS phishing on the rise?

Cybercriminals are particularly interested in smishing because:

• It is more difficult to identify fraudulent SMS messages.
• It is more difficult to identify a malicious website on a mobile phone after clicking on a link received by SMS. Indeed, due to the small screen size and depending on the web browser used, the information on the site you are on is not immediately and fully visible, and the site address is generally truncated.
• Smishing exploits our habits of receiving notifications of all kinds on our mobile phones, such as validation messages, confirmations, or other alerts. And, in general, to react to them instantly.

How does SMS phishing work?

• The user receives a fake SMS containing a link to a malicious website, or containing malware as in the case of fake emails; The link is described as a link to a useful application (banking, etc.);
• The link usually leads to a phishing website that may try to get you to provide your personal information, which can in turn be used, for example, to steal money from you or commit other fraud. The link may also redirect you to a fraudulent website containing malware or trying to get you to download it, if you do, the fake app or malware will be installed on your phone with a contextual interface in which you will have to enter your banking or other credentials;
• If a user "takes the bait", their banking, personal, and professional information ends up in the hands of cybercriminals.
• It can also be sent as an SMS intended to encourage the recipient to make a call to a premium rate phone service. As a rule, this message informs the customer that they have won a prize and provides a premium rate number that the customer must call for more details.

Signs of SMS phishing (fraudulent SMS)

• A suspicious phone number, for example an unknown number
• The message contains unknown files or links.
• SMS phishing messages are generally urgent and alarming in tone.
• SMS phishing messages often take the form of a prize or information on how to win something.
• It may be about resolving a payment incident, canceling an order that the victim did not place, obtaining a refund, a problem such as blocking an online or bank account, or an administration.

Consequences of a phishing attack (fraudulent SMS)

• Theft of personal and financial information: Phishing attacks aim to steal sensitive information such as credit card numbers, passwords, and personal data.
• Fraud and identity theft: Information stolen during a phishing attack can be used to commit fraud.
• Financial losses: Victims of phishing can suffer direct financial losses, such as theft of money from their bank accounts, or indirect losses.

What to do if you receive a phishing SMS?

• Never disclose sensitive information in response to an SMS
• Do not reply to SMS from unknown or international numbers
• Do not click on any links
• Block the sender. Most smartphones allow you to block specific numbers or senders
• Install antivirus software including an anti-phishing or anti-spam feature.
• Be wary of messages that seem urgent, as fraudsters use emotions to make you act without thinking.
• If you think you have been the victim of phishing, change the password for all your accounts.

Finally, if you think you are a victim of a missed call scam or if you have received a suspicious text message, do not hesitate to report the phone number that originated the spam in order to expand the anti-spam system database of Mobilis. This can be done through:

• The reporting platform The reporting platform
• Sending the content of the received SMS by adding the sender's number to 654
• Scanning the following QR code