Smishing Attack: A Growing Cyber Threat

Smishing and vishing: How these cyber attacks work and how to prevent them | CSO Online

What is Smishing Attack?

If you believed that phishing could be the only possible threat to cyber-security, then you need to hit the rock bottom! Cyber-attacks are expanding like spider webs over the internet to create havoc in the security system of various sectors across the globe. Just as a phishing attack, a smishing attack is a type of cyber-attack which is infamously trending and carries advanced techniques to obtain victim’s data.

Smishing is a blended word, made with the combination of SMS and phishing. Just as cyber-criminals use emails to phish people into opening malware-laden attachments, smishing attacks are carried out using text messages.

What Is A Smishing Attack? (And How To Prevent It) | PurpleSec

SMS phishing or smishing is an unethical practice of sending fraudulent cellular texts to users to trick them into downloading the attached file or redirected link. These attached links take users to malware-laden websites on their mobile phones.

Smishing text messages contain absurd phone numbers or links to lure customers for immediate response. Smishing attack on your cellular device can be deployed in any form of attention-seeking text.

These nefarious text messages could claim to be your bank asking for your financial information. It could also ask in a tricky way for your ATM number or account details to get access to your bank balance.

Recent Smishing Attack Example: 

Just like phishing, smishing attack is deployed using cellular text messages with the motive to lure customers into giving away information. Smishing text messages often contain URLs or phone numbers.

The phone numbers usually have an automated voice system as a response. When it comes to SMS phishing, attackers use smart ways to trick victims into believing the text message they receive.

What is 'Smishing'?

For instance, if a smishing message comes from a number “5000” instead of any actual phone number, it means it is sent through email on the cell phone. This is done to indicate a legitimate message to trick people.

In an article by Cyware, a smishing campaign, “Lucky Draw Campaign” was targeted on Indian Nokia owners. In February 2019, Nokia owners received a text message claiming they have won a lucky draw.

The message was impersonated to have come from ‘ online shopping Pvt’, claiming that the recipient has won Tata Safari or Rs.12, 60,000. However, it urged recipients to pay to 6,500 Indian rupees to claim their prize.

How to Prevent Smishing Attacks?

4 Clever Smishing Attacks to Watch for in 2021 | TechnologyAdvice

  • Never click on any links in text messages which come from unknown resources.
  • Restrain from responding to personal text messages that ask for your personal details.
  • If a text message looks like an alert or shows any urgency, verify the legitimacy of the source first before responding.
  • Look out for messages that are no sent via phone number. Scammers often mask their identity so that their location or identity could not be traced.
  • Messages that might be sent at odd hours or apart from business hours are usually smishing attacks.
  • Never give away your bank details or financial information easily to any text message asking for your credentials or verification.
  • Cyber Security researchers highly recommend organizations as well as individuals to use good security awareness tools as a preventive measure.

5 Data Security Tips for Working From outside Office

Data Privacy vs. Data Security [definitions and comparisons] – Data Privacy Manager

One of the biggest advantages of the internet is that it has enabled business users to work away from the office. With technology such as laptops and smartphones, we can work from home and when commuting and take our data with us when we go to meet clients. While this brings a range of benefits, it also creates an increased responsibility to keep that data secure. In this post, we’ll give you some tips on how to achieve that.

1. Backup regularly

How to select a data backup system - TechRepublic

Imagine that one of your employees develops a lucrative project for a client and is travelling to meet them. Imagine, too, that the only copy of the project is stored on the employee’s laptop. There are numerous weaknesses in this scenario. The laptop can break, it can get stolen or it can become one of the many that get mislaid by travellers every day. 12,000 laptops a week are left abandoned just at US airports.

The possible consequences of this are that the months of work put into the project are wasted and the lucrative contract is lost.

By backing up your data regularly, however, this problem can be completely eradicated. If the laptop is lost, you’ll still have another copy of the data to use. While backing up can be done simply by saving data to a USB drive, the best option is to use a cloud backup service. You can’t lose cloud storage like you do a pen drive and you’ll be able to access the data from any machine with an internet connection.

2. Turn unused devices off

The Fact on Whether Turning Off The Main Power of Unused Appliances Would Save Electricity - Goody Feed

Another data security loophole is that people don’t always realise that a laptop with the lid shut is still vulnerable to attack. Closing the lid simply initiates a low-power sleep mode designed to bring the machine back to life quicker than rebooting. While the hard disk powers down, the laptop’s memory continues to be active and can be accessed and copied using an external USB port. What’s perhaps worse, is that for encrypted laptops, the vulnerable memory can contain the encryption keys giving hackers access even to encrypted data.

The solution is simple, when devices are not in use, they should be shut down, not put into sleep mode.

3. Use encryption

What Is Encryption? Explanation and Types - Cisco

Encryption turns your data into an unintelligible string of characters that even the boffins at GCHQ couldn’t unscramble without an encryption key. It means that even if your raw data was hacked or stolen, no-one would be able to make sense of it.

As a safety precaution, all devices used out of the office should be protected with encryption software. Such apps can keep personal files, contacts, notes, wallets and multimedia files secure, as well as backing up your passwords, recording unauthorised login attempts and sending notifications of attempted hacks.

At the same time, those companies which store their data in the cloud should make sure that this too is encrypted, so that if a user gains access to the machine, there is another layer of protection to prevent them getting hold of the data stored online.

4. Network protection

Exploring Network Security (+8 Ways to Protect Your Network)

Another potential vulnerability is someone getting access to data via an attack on the network. Devices are particularly vulnerable when they connect to mobile hotspots with weak data security and it is here, in places like transport stations and public areas that hackers may make attempts to steal your data.

One of the first steps you should take is to ensure employee’s devices have a properly configured firewall that will block suspicious connection requests. As a company, you should ensure the firewall configuration is put in place by your own IT team, whether this is on a company device or on a personal device that an employee uses for work.

Another data security feature is the use of Virtual Private Networks (VPNs) which will protect the users’ devices when they connect to any network away from the business premises. Though the connection is not as fast, the data will be automatically encrypted, preventing it being compromised by those seeking out victims on public networks.

5. Use cloud storage

How to Use Cloud Storage for Memory

Using cloud storage can really help boost the data security. For a start, as data is held centrally on the server, there is no need to have a separate copy of it stored on the laptop or other device. This way, if the device is lost or stolen, there is no data to steal. As data stored in the cloud can be encrypted, even if someone has access to the laptop, they will not be able to access the data without the encryption key, for which further authentication should be needed. The other benefit, of course, is that keeping data stored centrally means that should one person update a file, everyone else will have access to the latest version. When separate versions are stored across many different devices, it can be difficult to know which is the most up to date.


While the internet has given us better ways to work and communicate and freed us from the confines of the office, it does create risks that we need to manage effectively. Data stored on devices can be stolen by hackers accessing the hardware or from intrusion over a network. Hopefully, the tips provided here will help prevent this happening and keep your company’s devices and data secure.

error: Content is protected !!