5smishingBy now, everyone is familiar with phishing attacks, where cyber criminals pretend to be a legitimate company or bank and try to get users to reveal personal information by sending out emails. The same can happen via SMS, and is called smishing. A typical smishing text message would appear to be from the users’ financial institution, asking them to confirm or supply account information. This is especially dangerous since some people are used to receiving official SMS from their banks.

mCommerce and especially mPayment provide even more of a risk, since there are more services and companies for criminals to impersonate. If you‘ve recently bought something via mCommerce from your smartphone using PayPal, for instance, you probably won‘t be surprised to receive an SMS from the assumed company, asking for additional information, but could be a scam. So it‘s not just up to users to be careful when clicking on links in SMS and recognizing potential smishing messages, it is also important for all online and mobile payment services to educate their users.

Everyone should keep in mind that legitimate financial institutions will never ask you to send personal information via text message, email, or automated voicemail. If you receive a text message, requesting sensitive information such as account details, the sender probably has criminal intents. If you want to make sure you‘re not ignoring important information from your bank, it is better to contact your bank directly.

Cyber criminals, pretending to be a trustworthy company you have a relationship with, will try to make use of urgency in their messages to get you to react before you think much about it. Don‘t click on links and don‘t respond! Links can result in malware downloaded to your smartphone which in turn will enable criminals to access to sensitive information from your smartphone, and even take control over the device.

Users should contact their bank in any case, if they receive a suspicious message, since this is the best way to report the smishing attack. Banks will try to follow up, since this could be harmful to their reputation and especially allows them to react by warning their other customers.

Mobile security is an important topic in general, as smartphone are not just under attack from smishing and phishing messages, but there is also spyware, bots, premium dialers, root exploits, fake installers and download trojans. Make sure to protect your smartphone with a good mobile security software which should include antivirus protection, app protection, anti-malware, privacy scanner, real-time protection, anti-theft (backup and restore functions and tracking in the case of loss or theft), message filter, safe browsing and data encryption.

According to toptenreviews.com, the top ten mobile security providers are:
1.    Bullguard
2.    Lookout
3.    McAfee
4.    ESET
5.    Kaspersky
6.    Trend Micro
7.    F-Secure
8.    Webroot
9.    NetQuin

At the end of the day, both users and companies such as banks, eCommerce retailers and mPayment service providers should stay educated on the latest threats, and know how to avoid them.


By Anjum Siddiqi