Now you introduce Smishing? - Tech Tuesday

A great good morning to all my readers, welcome to my blog on this nice Tuesday Morning! Happy Tech Tuesday at Blog de Toxifier? LOL! :D



Last week, I received a newsletter, that had a video on how to protect yourself from Smishing. For a second I thought I read it wrong and didn't care. Last evening though it struck me to read it. I searched the Internet to clarify if it exists, or have they used a wrong word. To my surprise I came to know this a new kind of phishing!

The first thing that came to my mind was, "Damn! Everything that gets popular is caught in crime!" Well, my statement isn't incorrect. First it were Windows, then JAVA, then the Internet, recently Mac, and now Mobile Phones? It's too much to take now!

Reading on Wikipedia, let me copy it, I found this:

In computing, Smishing is a form of criminal activity using social engineering techniques similar to phishing. The name is derived from "SMs phISHING". SMS (Short Message Service) is the technology used for text messages on cell phones.

Similar to phishing, smishing uses cell phone text messages to deliver the "bait" to get you to divulge your personal information. The "hook" (the method used to actually "capture" your information) in the text message may be a web site URL, however it has become more common to see a phone number that connects to automated voice response system.

Text messaging is the most common nonvoice use of a mobile phone, and scam artists are taking full advantage of that. In fact, according to security firm Cloudmark , about 30 million smishing messages are sent to cell phone users across North America, Europe, and the U.K. Smishing is part of the much larger SMS spam problem. In the U.S. alone, there has been an almost 400 percent increase in unique SMS spam campaigns in the first half of the year.

The smishing message usually contains something that wants your "immediate attention", some examples include "We’re confirming you've signed up for our dating service. You will be charged $2/day unless you cancel your order on this URL: www.?????.com."; "(Name of popular online bank) is confirming that you have purchase a $1500 computer from (name of popular computer company). Visit www.?????.com if you did not make this online purchase"; and "(Name of a financial institution): Your account has been suspended. Call ###.###.#### immediately to reactivate". The "hook" will be a legitimate looking web site that asks you to "confirm" (enter) your personal financial information, such as your credit/debit card number, CVV code (on the back of your credit card), your ATM card PIN, SSN, email address, and other personal information. If the "hook" is a phone number, it normally directs to a legitimate sounding automated voice response system, similar to the voice response systems used by many financial institutions, which will ask for the same personal information.

This is an example of a (complete) smishing message in current circulation: "Notice - this is an automated message from (a local credit union), your ATM card has been suspended. To reactivate call urgent at 866-###-####."

In many cases, the smishing message will show that it came from "5000" instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, and not sent from another cell phone.

There are ways you can protect yourself if you get an unsolicited text message. First, don't click any links that are contained in the text. Never give out any sensitive information such as your address, your Social Security Number, or your bank account number. You can also forward smishing texts to 7726 and your cell phone provider will mark them as abuse. If you think you've been a victim of a smishing attack, file a complaint with the Federal Trade Commission at ftc.gov or call 1-877-HELP (4357).

This information is then used to create duplicate credit/debit/ATM cards. There are documented cases where information entered on a fraudulent web site (used in a phishing, smishing, or vishing attack) was used to create a credit or debit card that was used halfway around the world, within 30 minutes.

On March 9, 2012 Walmart issued a Fraud Alert regarding a large number of scam texts that offer a nonexistent $1000 gift card as bait.

From the above the thing that struck me was "vishing". As yet I wasn't fully able to digest the fact of SMiShing, and now another term, Vishing? Phew! Vishing is the criminal practice of using social engineering over the telephone system, most often using features facilitated by Voice over IP (VoIP), to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of "voice" and phishing.

The cyber crime is increasing quite rapidly. Internet, such a beautiful creation is being used for so many illegal purposes. The bigger problem is that many cyber crimes are being funded by some big names just to make people become their customers. Have you watched Mission Impossible 2? The movie shows the reality, big companies make virus and antivirus, first introducing the virus that crates a havoc and then unleashing that they have the cure! Believe it or not, I do believe that it's completely true! According to what I think, there is a rare case when somebody actually uses so much of their time and resources just to be a part of a crime, else they are being nurtured, funded and promoted by the big names only.

Related articles, and links that I found on the Internet and thought you may interested in looking:

Blog de Toxifier - Phishing

Consumer Affairs - Smishing

Get Safe Online Blog - Smishing

Dave and Dawn Cook - Smishing, Vishing, Phishing

Smishing Scam Walmart

Protect yourself from Smishing, Video by CNET

I hope you all liked the article. Always appreciate the comments and suggestions, so please do feel free to speak! :)

Good day! :D