Smishing is a phishing attack that comes in via text messages (SMS) instead of email. The usual goal is to steal usernames, passwords or credit card numbers. They may also trick you into installing malware. As with phishing, the message appears to come from a trustworthy company. Those sorts of smishing attacks are sent out far and wide.
Spear smishing is a highly targeted text message to a specific person, business, or organisation. As with
spear phishing, online research is conducted to ensure these messages sound genuine.
Common smishing messages
A common smishing attack is where the sender pretends to be a well-known retailer. The message will tell you to verify your billing information so your package can be delivered on time. The fake message contains a fake website link, and as soon as you enter your information, it is stolen. More often than not this information is used to commit fraud and identity theft.
Smishing messages usually contain some kind of urgency to encourage you to act immediately.
Lockdowns saw a rise in “couriers” texting messages along these lines:
“DHL has received your parcel with order number DX129537856. There is $3 outstanding on the delivery fee. Please visit www.similarsoundingname.co.nz to pay the outstanding balance so we can deliver your parcel.”
Latest smishing messages in New Zealand
Cert NZ has heard of more than 30,000 reports of the ‘FluBot’ smishing text scam. The wording of the texts has changed several times already and it is likely messages will keep changing.
Be wary of any unexpected texts that ask you to click on a link. Current texts include:
- You have a parcel delivery that is pending
- Someone is attempting to share an album of photos with you
- You have received a voicemail.
No matter what the message is, they all ask you to click on a link. Do not click on it. It will direct you to a page with instructions related to the message you have received, or a page that looks like a security warning that you have FluBot installed.
If you follow instructions on these pages, your phone will be infected. Once a device has been infected with FluBot it can result in significant financial loss.
FluBot attempts to steal your banking and credit card information as well as your contact list. It uploads your contacts to a server to continue spreading itself.
Who gets fooled?
More people get fooled than you would think. We have a natural tendency to trust. When the smishing message comes from reputable companies, and the message looks plausible, we don’t even question it.
People who know they haven’t ordered anything will delete it, but those who are expecting a package will act. Even the most cyber-aware people were tricked by “courier” smishing messages when they were expecting a delivery during lockdown.
Does your small business have the right cyber security in place?
Most small businesses do not have enough
cyber security layers in place to fully protect their business. Are you doing enough?
Contact us for a confidential chat about your personal or business circumstances and we can advise you on what protection you need. Or we can take care of everything so you have total peace of mind with our
Small Business Cyber Security Support Package.